Vulnerabilities > Elastic > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-18 | CVE-2019-7621 | Cross-site Scripting vulnerability in Elastic Kibana Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations. | 5.4 |
| 2019-10-30 | CVE-2019-7619 | Unspecified vulnerability in Elastic Elasticsearch Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. | 5.3 |
| 2019-10-01 | CVE-2019-7618 | Path Traversal vulnerability in Elastic Kibana 7.3.0/7.3.1/7.3.2 A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. | 6.5 |
| 2019-07-30 | CVE-2019-7616 | Server-Side Request Forgery (SSRF) vulnerability in Elastic Kibana Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. | 4.9 |
| 2019-07-30 | CVE-2019-7614 | Race Condition vulnerability in Elastic Elasticsearch A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. | 5.9 |
| 2019-03-25 | CVE-2019-7608 | Cross-site Scripting vulnerability in Elastic Kibana Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |
| 2018-12-20 | CVE-2018-17247 | XXE vulnerability in Elastic Elasticsearch 6.5.0/6.5.1 Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. | 5.9 |
| 2018-12-20 | CVE-2018-17244 | Information Exposure vulnerability in Elastic Elasticsearch 6.4.0/6.4.1/6.4.2 Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. | 6.5 |
| 2018-09-19 | CVE-2018-3830 | Cross-site Scripting vulnerability in multiple products Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |
| 2018-09-19 | CVE-2018-3829 | Authentication Bypass by Spoofing vulnerability in Elastic Cloud Enterprise In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. | 5.3 |