Vulnerabilities > Elastic > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-11 | CVE-2022-23707 | Cross-site Scripting vulnerability in Elastic Kibana An XSS vulnerability was found in Kibana index patterns. | 5.4 |
2021-12-07 | CVE-2021-37940 | Server-Side Request Forgery (SSRF) vulnerability in Elastic Enterprise Search An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. | 6.8 |
2021-11-18 | CVE-2021-37938 | Path Traversal vulnerability in Elastic Kibana It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. | 4.3 |
2021-09-15 | CVE-2021-22147 | Missing Authorization vulnerability in Elastic Elasticsearch Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. | 6.5 |
2021-07-26 | CVE-2021-22144 | Uncontrolled Recursion vulnerability in multiple products In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. | 6.5 |
2021-07-21 | CVE-2021-22145 | Information Exposure Through an Error Message vulnerability in multiple products A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. | 6.5 |
2021-06-02 | CVE-2020-10743 | It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. | 4.3 |
2021-05-13 | CVE-2021-22135 | Information Exposure vulnerability in Elastic Elasticsearch Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. | 5.3 |
2021-05-13 | CVE-2021-22137 | Improper Preservation of Permissions vulnerability in Elastic Elasticsearch In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. | 5.3 |
2021-05-13 | CVE-2021-22139 | Resource Exhaustion vulnerability in Elastic Kibana Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size. | 6.5 |