Vulnerabilities > Elastic > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-02-11 CVE-2022-23707 Cross-site Scripting vulnerability in Elastic Kibana
An XSS vulnerability was found in Kibana index patterns.
network
low complexity
elastic CWE-79
5.4
2021-12-07 CVE-2021-37940 Server-Side Request Forgery (SSRF) vulnerability in Elastic Enterprise Search
An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration.
network
low complexity
elastic CWE-918
6.8
2021-11-18 CVE-2021-37938 Path Traversal vulnerability in Elastic Kibana
It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files.
network
low complexity
elastic CWE-22
4.3
2021-09-15 CVE-2021-22147 Missing Authorization vulnerability in Elastic Elasticsearch
Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots.
network
low complexity
elastic CWE-862
6.5
2021-07-26 CVE-2021-22144 Uncontrolled Recursion vulnerability in multiple products
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser.
network
low complexity
elastic oracle CWE-674
6.5
2021-07-21 CVE-2021-22145 Information Exposure Through an Error Message vulnerability in multiple products
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting.
network
low complexity
elastic oracle CWE-209
6.5
2021-06-02 CVE-2020-10743 It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests.
network
low complexity
elastic redhat
4.3
2021-05-13 CVE-2021-22135 Information Exposure vulnerability in Elastic Elasticsearch
Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled.
network
low complexity
elastic CWE-200
5.3
2021-05-13 CVE-2021-22137 Improper Preservation of Permissions vulnerability in Elastic Elasticsearch
In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used.
network
low complexity
elastic CWE-281
5.3
2021-05-13 CVE-2021-22139 Resource Exhaustion vulnerability in Elastic Kibana
Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size.
network
low complexity
elastic CWE-400
6.5