Latest Vulnerabilities Affecting Elasticsearch products

Date CVE Title CVSS
2017-08-18 CVE-2017-8445 Improper Certificate Validation vulnerability in Elasticsearch X Pack Low
2017-08-18 CVE-2017-8446 Permission Issues vulnerability in Elasticsearch X Pack and X Pack Reporting Medium
2017-08-09 CVE-2015-5619 Improper Certificate Validation vulnerability in Elasticsearch Logstash Medium
2017-08-09 CVE-2015-4165 Permissions, Privileges, and Access Control vulnerability in Elasticsearch 1.5.2 Medium
2017-07-07 CVE-2017-8442 Information Leak / Disclosure vulnerability in Elasticsearch X Pack Medium
2017-06-30 CVE-2017-8443 Information Leak / Disclosure vulnerability in Elasticsearch Kibana 5.4.2 Medium
2017-06-27 CVE-2015-5378 Information Leak / Disclosure vulnerability in Elasticsearch Logstash Medium
2017-06-16 CVE-2016-10365 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Elasticsearch Kibana 4.6.2/5.0.0 Medium
2017-06-16 CVE-2016-1000221 Information Leak / Disclosure vulnerability in Elasticsearch Logstash 2.3.3 Medium
2017-06-16 CVE-2017-8449 Information Leak / Disclosure vulnerability in Elasticsearch X Pack 5.2.0/5.2.1/5.2.2 Medium
2017-06-16 CVE-2017-8450 Information Leak / Disclosure vulnerability in Elasticsearch X Pack 5.1.1 Medium
2017-06-16 CVE-2016-1000219 Improper Authorization vulnerability in Elasticsearch Kibana 4.1.0/4.5.0 Medium
2017-06-16 CVE-2016-10366 Cross-Site Scripting (XSS) vulnerability in Elasticsearch Kibana Medium
2017-06-16 CVE-2015-9056 Cross-Site Scripting (XSS) vulnerability in Elasticsearch Kibana 4.2.0 Medium
2017-06-16 CVE-2016-1000220 Cross-Site Scripting (XSS) vulnerability in Elasticsearch Kibana 4.1.0/4.5.0 Medium