>= 7.13.0, < 7.14.1
HIGH 8.8 CVE-2020-7009 Improper Privilege Management in Elasticsearch
>= 6.7.0, < 6.8.8, >= 7.0.0, < 7.6.2
HIGH 7.5 All versions of Elastic Cloud Enterprise have the Elasticsearch “anonymous” user enabled by default in deployed clusters.
>= 7.13.3, < 7.13.4
HIGH 7.5 Elasticsearch vulnerable to Uncontrolled Resource Consumption
from 0, < 7.17.13, >= 8.0.0, < 8.8.3
HIGH 7.5 Improper Check for Unusual or Exceptional Conditions in Elasticsearch
>= 8.0.0, < 8.2.1
MEDIUM 6.8 Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates
from 0, < 8.19.8, >= 9.0.0, < 9.1.8, >= 9.2.0, < 9.2.2
MEDIUM 6.5 Elasticsearch has Excessive Allocation of Resources via Submission of Oversized User Settings Data
from 0, < 8.19.9, >= 9.0.0, < 9.1.9, >= 9.2.0, < 9.2.3
MEDIUM 6.5 Elasticsearch Uncontrolled Resource Consumption Vulnerability
>= 7.17.0, < 7.17.25, >= 8.0.0, < 8.16.0
MEDIUM 6.5 Elasticsearch Potential Node Crash due to Large Recursion in `innerForbidCircularReferences` Function
>= 7.17.0, < 8.15.1
MEDIUM 6.5 Elasticsearch allocation of resources without limits or throttling leads to crash
>= 7.17.0, < 7.17.21, >= 8.0.0, < 8.13.3
MEDIUM 6.5 Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions
>= 8.10.0, < 8.14.0
MEDIUM 6.5 Elasticsearch Improper Handling of Exceptional Conditions
>= 7.0.0, < 7.17.14, >= 8.0.0, < 8.10.3
MEDIUM 6.5 Elasticsearch vulnerable to stack overflow in the search API
>= 7.0.0, < 7.17.13, >= 8.0.0, < 8.9.1
MEDIUM 6.5 Generation of Error Message Containing Sensitive Information in Elasticsearch
>= 7.10.0, < 7.13.4
MEDIUM 6.5 Improper privilege management in Elasticsearch
from 0, < 6.8.12, >= 7.0.0, < 7.9.0
MEDIUM 6.5 Exposure of sensitive information in Elasticsearch
>= 7.11.0, < 7.14.0
MEDIUM 6.0 Elasticsearch-hadoop Unsafe Deserialization
from 0, < 7.17.11, >= 8.0.0, < 8.9.0
MEDIUM 5.7 Elasticsearch: Insertion of Sensitive Information into Log File via reindex API
from 0, < 8.18.8, >= 8.19.0, < 8.19.5, >= 9.0.0, < 9.0.8, >= 9.1.0, < 9.1.5
MEDIUM 5.7 Denial of Service in Elasticsearch
from 0, < 6.8.17, >= 7.0.0, < 7.13.3
MEDIUM 5.3 Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
from 0, < 6.8.15, >= 7.11.0, < 7.11.2
MEDIUM 5.3 API information disclosure flaw in Elasticsearch
from 0, < 6.8.15, >= 7.11.0, < 7.11.2
MEDIUM 5.2 Elasticsearch Insertion of Sensitive Information into Log File
>= 7.0.0, < 7.17.16, >= 8.0.0, < 8.11.2
MEDIUM 4.9 Elasticsearch privileged authenticated users can cause DoS through Excessive Resource Allocation
from 0, < 8.19.8, >= 9.0.0, < 9.1.8, >= 9.2.0, < 9.2.2
MEDIUM 4.9 Elasticsearch Vulnerable to Stack Overflow due to a Large Recursion
>= 7.17.0, < 7.17.24, >= 8.0.0, < 8.15.1
MEDIUM 4.9 Elasticsearch stores private key on disk unencrypted
>= 7.0.0, < 7.17.23, >= 8.0.0, < 8.13.0
MEDIUM 4.9 Elasticsearch StackOverflow vulnerability
>= 8.13.1, < 8.14.0
MEDIUM 4.9 Elasticsearch Uncontrolled Resource Consumption vulnerability
>= 7.0.0, < 7.17.19, >= 8.0.0, < 8.13.0
MEDIUM 4.9 Insertion of Sensitive Information into Log File in Elasticsearch
from 0, < 6.8.14, >= 7.0.0, < 7.10.0
MEDIUM 4.8 Insufficiently Protected Credentials in Elasticsearch
>= 7.7.0, < 7.10.2
MEDIUM 4.4 Elasticsearch Incorrect Authorization vulnerability
>= 8.10.0, < 8.13.0
MEDIUM 4.3 Elasticsearch Uncaught Exception leading to crash
>= 8.4.0, < 8.11.1
MEDIUM 4.3 Elasticsearch privilege escalation
>= 7.16.0, < 7.17.1
MEDIUM 4.3 Exposure of Sensitive Information to an Unauthorized Actor
>= 7.6.0, < 7.11.1
MEDIUM 4.1 Elasticsearch allows insertion of sensitive information into log files when using deprecated URIs
>= 7.0.0, < 7.17.13, >= 8.0.0, < 8.9.2
LOW 3.1 Privilege Context Switching Error in Elasticsearch
from 0, < 6.8.13, >= 7.0.0, < 7.9.2
— Elasticsearch Incorrect Authorization vulnerability
>= 8.16.0, < 8.17.0