Vulnerabilities > Elastic > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-19 | CVE-2018-3823 | Cross-site Scripting vulnerability in Elastic Elasticsearch X-Pack and Kibana X-Pack X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. | 5.4 |
| 2018-03-30 | CVE-2018-3821 | Cross-site Scripting vulnerability in Elastic Kibana Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |
| 2018-03-30 | CVE-2018-3820 | Cross-site Scripting vulnerability in Elastic Kibana 6.1.1/6.1.2 Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |
| 2018-03-30 | CVE-2018-3819 | Open Redirect vulnerability in Elastic Kibana The fix in Kibana for ESA-2017-23 was incomplete. | 6.1 |
| 2018-03-30 | CVE-2018-3818 | Cross-site Scripting vulnerability in Elastic Kibana Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |
| 2018-03-30 | CVE-2018-3817 | Information Exposure vulnerability in Elastic Logstash When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information. | 6.5 |
| 2017-12-08 | CVE-2017-11482 | Open Redirect vulnerability in Elastic Kibana The Kibana fix for CVE-2017-8451 was found to be incomplete. | 6.1 |
| 2017-12-08 | CVE-2017-11481 | Cross-site Scripting vulnerability in Elastic Kibana Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |
| 2017-09-29 | CVE-2017-8447 | Improper Privilege Management vulnerability in Elastic X-Pack An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. | 6.5 |
| 2017-09-29 | CVE-2017-11479 | Cross-site Scripting vulnerability in multiple products Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |