Vulnerabilities > Elastic > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-26 | CVE-2023-31417 | Information Exposure Through Log Files vulnerability in Elastic Elasticsearch. Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. | 4.4 |
2023-10-26 | CVE-2023-46666 | Unspecified vulnerability in Elastic Sharepoint Online Python Connector. An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. | 6.5 |
2023-02-22 | CVE-2022-38779 | Open Redirect vulnerability in Elastic Kibana. An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. | 6.1 |
2023-02-08 | CVE-2022-38778 | Improper Input Validation vulnerability in multiple products. A flaw (CVE-2022-38900) was discovered in one of Kibana’s third-party dependencies that could allow an authenticated user to perform a request that crashes the Kibana server process. | 6.5 |
2022-11-18 | CVE-2021-22141 | Open Redirect vulnerability in Elastic Kibana. An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. | 6.1 |
2022-11-18 | CVE-2021-37936 | Cross-site Scripting vulnerability in Elastic Kibana. It was discovered that Kibana was not sanitizing document fields containing HTML snippets. | 5.4 |
2022-09-28 | CVE-2022-23716 | Information Exposure Through Log Files vulnerability in Elastic Cloud Enterprise. A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster. | 5.3 |
2022-08-25 | CVE-2022-23715 | Information Exposure Through Log Files vulnerability in Elastic Cloud Enterprise. A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. | 6.5 |
2022-07-06 | CVE-2022-23713 | Cross-site Scripting vulnerability in Elastic Kibana. A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser. | 6.1 |
2022-04-21 | CVE-2022-23711 | Unspecified vulnerability in Elastic Kibana. A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. | 5.3 |