Vulnerabilities > Elastic > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-19 | CVE-2018-3826 | Missing Encryption of Sensitive Data vulnerability in Elastic Elasticsearch In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. | 6.5 |
| 2018-09-19 | CVE-2018-3825 | Insecure Default Initialization of Resource vulnerability in Elastic Cloud Enterprise In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. | 5.9 |
| 2018-09-19 | CVE-2018-3824 | Cross-site Scripting vulnerability in Elastic Elasticsearch X-Pack and Kibana X-Pack X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. | 6.1 |
| 2018-09-19 | CVE-2018-3823 | Cross-site Scripting vulnerability in Elastic Elasticsearch X-Pack and Kibana X-Pack X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. | 5.4 |
| 2018-03-30 | CVE-2018-3821 | Cross-site Scripting vulnerability in Elastic Kibana Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |
| 2018-03-30 | CVE-2018-3820 | Cross-site Scripting vulnerability in Elastic Kibana 6.1.1/6.1.2 Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |
| 2018-03-30 | CVE-2018-3819 | Open Redirect vulnerability in Elastic Kibana The fix in Kibana for ESA-2017-23 was incomplete. | 6.1 |
| 2018-03-30 | CVE-2018-3818 | Cross-site Scripting vulnerability in Elastic Kibana Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |
| 2018-03-30 | CVE-2018-3817 | Information Exposure vulnerability in Elastic Logstash When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information. | 6.5 |
| 2017-12-08 | CVE-2017-11482 | Open Redirect vulnerability in Elastic Kibana The Kibana fix for CVE-2017-8451 was found to be incomplete. | 6.1 |