CRITICAL 9.9 CVE-2025-25015 Kibana arbitrary code execution via prototype pollution
>= 8.15.0, < 8.17.3
CRITICAL 9.8 CVE-2025-25014 Kibana arbitrary code execution via prototype pollution
>= 8.3.0, < 8.18.1, >= 9.0.0, < 9.0.1
CRITICAL 9.8 CVE-2024-12556 Kibana Prototype Pollution can lead to code injection
>= 8.16.1, < 8.17.1
HIGH 8.8 Kibana Improper Authorization
>= 8.12.0, < 8.12.1
HIGH 8.8 A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted p…
>= 8.15.0, < 8.15.1
HIGH 8.6 External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini Connector
from 0, < 8.19.10, >= 9.0.0, < 9.1.10, >= 9.2.0, < 9.2.4
HIGH 7.7 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access
>= 9.0.0, < 9.2.8, >= 9.3.0, < 9.3.2
HIGH 7.7 Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope
>= 8.0.0, < 8.19.14, >= 9.0.0, < 9.2.8, >= 9.3.0, < 9.3.3
HIGH 7.7 Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure
>= 9.3.0, < 9.3.3
HIGH 7.7 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)
>= 9.3.0, < 9.3.1
HIGH 7.5 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
>= 8.0.0, < 8.19.11, >= 9.0.0, < 9.2.5
HIGH 7.5 Inefficient Regular Expression Complexity in Kibana Leading to Denial of Service
>= 8.0.0, < 8.19.11, >= 9.0.0, < 9.2.5
HIGH 7.5 Improper Input Validation in Kibana Leading to Denial of Service
>= 8.4.0, < 8.19.12, >= 9.0.0, < 9.2.6, >= 9.3.0, < 9.3.1
HIGH 7.3 Path Traversal in Kibana Leading to Unauthorized Deletion of User Accounts
>= 8.0.0, < 8.19.16, >= 9.0.0, < 9.3.5
HIGH 7.2 Kibana arbitrary code execution via YAML deserialization
>= 8.10.0, < 8.15.1
MEDIUM 6.7 In Kibana versions before 6.8.11 and 7.8.1 the region map visualization contains a stored XSS flaw.
from 0, < 6.8.11, >= 7.0.0, < 7.8.1
MEDIUM 6.5 Improper Input Validation in Kibana Fleet Leading to Privilege Escalation
>= 8.0.0, < 8.19.16, >= 9.0.0, < 9.3.5, >= 9.4.0, < 9.4.2
MEDIUM 6.5 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
>= 8.0.0, < 8.19.16
MEDIUM 6.5 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
>= 8.0.0, < 8.19.16, >= 9.0.0, < 9.3.5, >= 9.4.0, < 9.4.2
MEDIUM 6.5 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
>= 8.0.0, < 8.19.16, >= 9.0.0, < 9.3.5
MEDIUM 6.5 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
from 0, < 9.4.2
MEDIUM 6.5 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure
>= 8.0.0, < 8.19.14, >= 9.0.0, < 9.2.8, >= 9.3.0, < 9.3.3
MEDIUM 6.5 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
>= 8.0.0, < 8.19.14, >= 9.0.0, < 9.2.8, >= 9.3.0, < 9.3.3
MEDIUM 6.5 Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service
>= 8.18.0, < 8.19.12, >= 9.0.0, < 9.2.6, >= 9.3.0, < 9.3.1
MEDIUM 6.5 Improper Input Validation in Kibana Email Connector Leading to Excessive Allocation
from 0, < 8.19.10, >= 9.0.0, < 9.1.10, >= 9.2.0, < 9.2.4
MEDIUM 6.5 Allocation of Resources Without Limits or Throttling in Kibana Fleet
from 0, < 8.19.10, >= 9.0.0, < 9.1.10, >= 9.2.0, < 9.2.4
MEDIUM 6.5 Allocation of Resources Without Limits or Throttling in Kibana Leading to Excessive Allocation
from 0, < 8.19.10, >= 9.0.0, < 9.1.10, >= 9.2.0, < 9.2.4
MEDIUM 6.5 Kibana Allocation of Resources Without Limits or Throttling
from 0, < 8.19.9, >= 9.0.0, < 9.1.9, >= 9.2.0, < 9.2.3
MEDIUM 6.5 Kibana privilege escalation via reporting_user role
>= 9.0.0, < 9.0.6, >= 9.1.0, < 9.1.3
MEDIUM 6.5 An issue has been identified where a specially crafted request sent to an Observability API could cause the Kibana server to crash.
>= 7.17.0, < 7.17.23, >= 8.0.0, < 8.15.1
MEDIUM 6.5 Kibana exposure of sensitive information to an unauthorized actor
>= 8.0.0, < 8.15.0
MEDIUM 6.5 An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted payload to a number of…
>= 7.0.0, < 7.17.23, >= 8.0.0, < 8.15.0
MEDIUM 6.5 Kibana allocation of resources without limits or throttling leads to crash
>= 7.0.0, < 7.17.23, >= 8.0.0, < 8.15.0
MEDIUM 6.5 Kibana Denial of Service issue
>= 7.0.0, < 7.17.23, >= 8.0.0, < 8.14.0
MEDIUM 6.3 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access
>= 9.3.0, < 9.3.3
MEDIUM 6.1 Kibana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
from 0, < 8.19.9, >= 9.0.0, < 9.1.9, >= 9.2.0, < 9.2.3
MEDIUM 6.1 Kibana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
from 0, < 8.19.9, >= 9.0.0, < 9.1.9, >= 9.2.0, < 9.2.3
MEDIUM 6.1 Kibana Stored Cross-Site Scripting (XSS)
from 0, < 8.18.8, >= 8.19.0, < 8.19.4, >= 9.0.0, < 9.0.7, >= 9.1.0, < 9.1.4
MEDIUM 6.1 Kibana open redirect issue
from 0, < 7.17.22, >= 8.11.1, < 8.14.0
MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation in Kibana Leading to Stored HTML Injection
>= 8.0.0, < 8.19.16, >= 9.0.0, < 9.4.0
MEDIUM 5.4 Kibana Cross-site Scripting via the Integration Package Upload Functionality
from 0, < 8.19.8, >= 9.0.0, < 9.1.8, >= 9.2.0, < 9.2.2
MEDIUM 5.4 Kibana Stored Cross-Site Scripting (XSS)
from 0, < 8.18.8, >= 8.19.0, < 8.19.5, >= 9.0.0, < 9.0.8, >= 9.1.0, < 9.1.5
MEDIUM 5.4 Kibana Insufficiently Protected Credentials in the CrowdStrike Connector
from 0, < 8.18.8, >= 8.19.0, < 8.19.5, >= 9.0.0, < 9.0.8, >= 9.1.0, < 9.1.5
MEDIUM 5.4 Kibana Cross-Site Scripting (XSS)
from 0, < 8.18.8, >= 8.19.0, < 8.19.5, >= 9.0.0, < 9.0.8, >= 9.1.0, < 9.1.5
MEDIUM 5.4 Kibana Open Redirect
>= 7.0.0, < 7.17.29, >= 8.0.0, < 8.18.3, >= 9.0.0, < 9.0.3
MEDIUM 5.4 Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS
>= 7.17.6, < 7.17.23, >= 8.4.0, < 8.12.0
MEDIUM 5.3 Operation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized File Access
>= 8.0.0, < 8.19.16, >= 9.0.0, < 9.3.5
MEDIUM 4.9 A high-privileged user, allowed to create custom osquery packs, could affect the availability of Kibana by uploading a maliciously crafte…
from 0, < 8.14.0
MEDIUM 4.8 Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion.
from 0, < 6.8.11, >= 7.0.0, < 7.8.1
MEDIUM 4.3 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure
>= 8.0.0, < 8.19.14, >= 9.0.0, < 9.2.8, >= 9.3.0, < 9.3.3
MEDIUM 4.3 Kibana Improper Authorization
from 0, < 8.19.7, >= 9.0.0, < 9.1.7, >= 9.2.0, < 9.2.1
MEDIUM 4.3 Kibana Improper Authorization
from 0, < 8.19.8, >= 9.0.0, < 9.1.8, >= 9.2.0, < 9.2.2
MEDIUM 4.3 Kibana Origin Validation Error
>= 8.12.0, < 8.19.7, >= 9.1.0, < 9.1.7, >= 9.2.0, < 9.2.1
MEDIUM 4.3 Kibana Unrestricted Upload of File
>= 7.17.0, < 7.17.18, >= 8.0.0, < 8.13.0
MEDIUM 4.3 Kibana server-side request forgery
>= 8.7.0, < 8.15.0
MEDIUM 4.3 Kibana Broken Access Control issue
>= 8.6.3, < 8.14.0