Vulnerabilities > Elastic > Low

DATE CVE VULNERABILITY TITLE RISK
2023-05-04 CVE-2023-31413 Information Exposure Through Log Files vulnerability in Elastic Filebeat 8.6.2
Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled.
local
low complexity
elastic CWE-532
3.3
3.3
2022-02-11 CVE-2022-23707 Cross-site Scripting vulnerability in Elastic Kibana
An XSS vulnerability was found in Kibana index patterns.
network
elastic CWE-79
3.5
3.5
2021-05-13 CVE-2021-22136 Insufficient Session Expiration vulnerability in Elastic Kibana
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected.
local
low complexity
elastic CWE-613
3.6
3.6
2021-02-10 CVE-2021-22133 Information Exposure Through Log Files vulnerability in Elastic APM Agent
The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic.
low complexity
elastic CWE-532
2.7
2.7
2021-01-14 CVE-2021-22132 Insufficiently Protected Credentials vulnerability in multiple products
Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API.
network
high complexity
elastic oracle CWE-522
2.1
2.1
2020-10-22 CVE-2020-7020 Improper Privilege Management vulnerability in Elastic Elasticsearch
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used.
network
elastic CWE-269
3.5
3.5
2020-06-03 CVE-2020-7015 Cross-site Scripting vulnerability in Elastic Kibana
Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization.
network
elastic CWE-79
3.5
3.5
2019-12-18 CVE-2019-7621 Cross-site Scripting vulnerability in Elastic Kibana
Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations.
network
elastic CWE-79
3.5
3.5
2019-10-01 CVE-2019-7618 Path Traversal vulnerability in Elastic Kibana 7.3.0/7.3.1/7.3.2
A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2.
network
elastic CWE-22
3.5
3.5
2018-09-19 CVE-2018-3828 Information Exposure Through Log Files vulnerability in Elastic Cloud Enterprise
Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability.
network
elastic CWE-532
3.5
3.5