Vulnerabilities > Elastic > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-06-16 | CVE-2016-1000222 | Argument Injection or Modification vulnerability in Elastic Logstash Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data. | 5.0 |
2017-06-16 | CVE-2016-1000221 | Information Exposure vulnerability in Elastic Logstash Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information. | 5.0 |
2017-06-16 | CVE-2016-1000220 | Cross-site Scripting vulnerability in Elastic Kibana Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers. | 4.3 |
2017-06-16 | CVE-2016-1000219 | Improper Authorization vulnerability in Elastic Kibana Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. | 5.0 |
2017-06-16 | CVE-2016-1000218 | Cross-Site Request Forgery (CSRF) vulnerability in Elastic Kibana Reporting 2.4.0 Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page. | 6.8 |
2017-06-16 | CVE-2015-9056 | Cross-site Scripting vulnerability in Elastic Kibana Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack. | 4.3 |
2017-06-05 | CVE-2017-8441 | Information Exposure vulnerability in Elastic X-Pack Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. | 4.0 |
2017-06-05 | CVE-2017-8440 | Cross-site Scripting vulnerability in Elastic Kibana Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 4.3 |
2017-06-05 | CVE-2017-8439 | Cross-site Scripting vulnerability in Elastic Kibana 5.4.0 Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. | 4.3 |
2017-06-05 | CVE-2017-8438 | Improper Privilege Management vulnerability in Elastic X-Pack Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. | 6.5 |