Vulnerabilities > Elastic > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-12 | CVE-2023-49922 | Information Exposure Through Log Files vulnerability in Elastic Beats 8.0.0/8.9.2 An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. | 6.5 |
| 2023-12-12 | CVE-2023-6687 | Information Exposure Through Log Files vulnerability in Elastic Agent 8.0.0/8.9.2 An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. | 6.5 |
| 2023-12-12 | CVE-2023-49923 | Information Exposure Through Log Files vulnerability in Elastic Enterprise Search An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. | 6.5 |
| 2023-11-22 | CVE-2021-22143 | Information Exposure Through Log Files vulnerability in Elastic APM .Net Agent The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. | 4.3 |
| 2023-11-22 | CVE-2021-22151 | Path Traversal vulnerability in Elastic Kibana It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. | 4.3 |
| 2023-11-15 | CVE-2023-46672 | Information Exposure Through Log Files vulnerability in Elastic Logstash 7.12.1/8.10.0 An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format. * Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration. | 5.5 |
| 2023-10-26 | CVE-2023-31416 | Unspecified vulnerability in Elastic Cloud on Kubernetes 1.1.0 Secret token configuration is never applied when using ECK <2.8 with APM Server >=8.0. | 5.3 |
| 2023-10-26 | CVE-2023-31417 | Information Exposure Through Log Files vulnerability in Elastic Elasticsearch Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. | 4.4 |
| 2023-10-26 | CVE-2023-46666 | Unspecified vulnerability in Elastic Sharepoint Online Python Connector An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. | 6.5 |
| 2023-02-22 | CVE-2022-38779 | Open Redirect vulnerability in Elastic Kibana An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. | 6.1 |