Vulnerabilities > Elasticsearch > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-27 | CVE-2020-7017 | Cross-site Scripting vulnerability in multiple products In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. | 6.7 |
| 2020-07-27 | CVE-2020-7016 | Resource Exhaustion vulnerability in multiple products Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. | 4.8 |
| 2017-09-29 | CVE-2017-8444 | Unspecified vulnerability in Elasticsearch Cloud Enterprise 1.0.0/1.0.1 The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. | 5.9 |
| 2017-09-29 | CVE-2017-11479 | Cross-site Scripting vulnerability in multiple products Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |
| 2017-08-18 | CVE-2017-8446 | Improper Privilege Management vulnerability in Elasticsearch X-Pack and X-Pack Reporting The Reporting feature in X-Pack in versions prior to 5.5.2 and standalone Reporting plugin versions versions prior to 2.4.6 had an impersonation vulnerability. | 5.3 |
| 2017-08-09 | CVE-2015-5619 | Improper Certificate Validation vulnerability in multiple products Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack. | 5.9 |
| 2017-06-16 | CVE-2016-10362 | Information Exposure vulnerability in Elasticsearch Output Plugin 2.3.3/5.0.0 Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials. | 6.5 |