Latest Vulnerabilities Affecting Elasticsearch products

Date CVE Title CVSS
2017-06-16 CVE-2017-8452 File Descriptor Exhaustion vulnerability in Elasticsearch Kibana 5.2.0 Medium
2017-06-16 CVE-2016-10362 Information Leak / Disclosure vulnerability in Elasticsearch Output Plugin 5.0.0 Medium
2017-06-16 CVE-2016-10364 Permissions, Privileges, and Access Control vulnerability in Elasticsearch Kibana 5.0.0/5.0.1 Medium
2017-06-16 CVE-2017-8451 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Elasticsearch Kibana 5.3.0 Medium
2017-06-16 CVE-2016-10363 Improper Resource Shutdown or Release vulnerability in Elasticsearch Logstash 2.3.2 Medium
2017-06-05 CVE-2017-8439 Cross-Site Scripting (XSS) vulnerability in Elasticsearch Kibana 5.4.0 Medium
2017-06-05 CVE-2017-8440 Cross-Site Scripting (XSS) vulnerability in Elasticsearch Kibana Medium
2015-12-07 CVE-2015-8131 Cross-Site Request Forgery (CSRF) vulnerability in Elasticsearch Kibana 4.1.2/4.2.0 Medium
2015-08-17 CVE-2015-5531 Path Traversal vulnerability in Elasticsearch 1.6.0 Medium
2015-06-15 CVE-2015-4152 Path Traversal vulnerability in Elasticsearch Logstash 1.4.2 Medium
2015-06-15 CVE-2015-4093 Cross-Site Scripting (XSS) vulnerability in Elasticsearch Kibana 4.0.0/4.0.1/4.0.2 Medium
2015-05-01 CVE-2015-3337 Path Traversal vulnerability in Elasticsearch 1.4.4/1.5.0/1.5.1 Medium
2015-02-17 CVE-2015-1427 Improper Access Control vulnerability in Elasticsearch High
2014-10-10 CVE-2014-6439 Cross-Site Scripting (XSS) vulnerability in Elasticsearch 1.3.3 Medium
2014-07-28 CVE-2014-3120 Improper Access Control vulnerability in Elasticsearch 1.1.1 Medium