Latest Vulnerabilities Affecting Elasticsearch products

Date CVE Title CVSS
2019-07-30 CVE-2019-7616 Server-Side Request Forgery (SSRF) vulnerability in Elasticsearch Kibana Medium
2018-12-20 CVE-2018-17246 Command Injection vulnerability in Elasticsearch and Redhat products High
2018-12-20 CVE-2018-17245 Credentials Management vulnerability in Elasticsearch Kibana Medium
2018-09-19 CVE-2018-3830 Cross-Site Scripting (XSS) vulnerability in Elasticsearch and Redhat products Medium
2018-03-30 CVE-2018-3818 Cross-Site Scripting (XSS) vulnerability in Elasticsearch Kibana Medium
2018-03-30 CVE-2018-3820 Cross-Site Scripting (XSS) vulnerability in Elasticsearch Kibana 6.1.1/6.1.2 Medium
2018-03-30 CVE-2018-3821 Cross-Site Scripting (XSS) vulnerability in Elasticsearch Kibana Medium
2018-03-30 CVE-2018-3817 Information Leak / Disclosure vulnerability in Elasticsearch Logstash Medium
2018-03-30 CVE-2018-3819 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Elasticsearch Kibana Medium
2017-12-08 CVE-2017-11481 Cross-Site Scripting (XSS) vulnerability in Elasticsearch Kibana Medium
2017-12-08 CVE-2017-11480 Improper Access Control vulnerability in Elasticsearch Packetbeat 5.6.4 Medium
2017-12-08 CVE-2017-11482 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Elasticsearch Kibana Medium
2017-09-29 CVE-2017-8444 Cryptographic Issues vulnerability in Elasticsearch Cloud Enterprise 1.0.0/1.0.1 Medium
2017-09-29 CVE-2017-11479 Cross-Site Scripting (XSS) vulnerability in Elasticsearch Kibana Medium
2017-09-25 CVE-2017-14730 Permissions, Privileges, and Access Control vulnerability in Elasticsearch Logstash High