HIGH8.1CVE-2014-3120⚠ KEVElasticsearch Improper Access Control vulnerability from 0, < 1.4.0.Beta1
from 0, < 1.3.8
HIGH8.8Improper Privilege Management in Elasticsearch
>= 6.7.0, < 6.8.8
HIGH8.8Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
>= 5.6.0, < 5.6.12
HIGH8.8Privilege Escalation Flaw in Elasticsearch
>= 6.7.0, < 6.8.8
HIGH8.1Improper Access Control in Elasticsearch
from 0, < 5.6.15
HIGH7.5Elasticsearch vulnerable to Uncontrolled Resource Consumption
from 0, < 7.17.13
HIGH7.5Improper Check for Unusual or Exceptional Conditions in Elasticsearch
>= 8.0.0, < 8.2.1
HIGH7.5Improper Access Control in Elasticsearch
from 0, < 1.6.0
MEDIUM6.8Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates
>= 7.0.0-alpha1, < 8.19.8
MEDIUM6.5Elasticsearch Uncontrolled Resource Consumption Vulnerability
from 0, < 7.17.25
MEDIUM6.5Elasticsearch Potential Node Crash due to Large Recursion in `innerForbidCircularReferences` Function
>= 7.17.0, < 8.15.1
MEDIUM6.5Elasticsearch allocation of resources without limits or throttling leads to crash
from 0, < 7.17.21
MEDIUM6.5Elasticsearch Improper Handling of Exceptional Conditions
>= 7.0.0, < 7.17.14
MEDIUM6.5Elasticsearch vulnerable to stack overflow in the search API
>= 7.0.0, < 7.17.13
MEDIUM6.5Improper privilege management in elasticsearch
>= 7.0.0, < 7.9.0
MEDIUM6.5Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
>= 6.4.0, < 6.4.3
MEDIUM6.5Exposure of sensitive information in Elasticsearch
>= 7.11.0, < 7.14.0
MEDIUM6.1Elasticsearch subject to cross site scripting
from 0, < 5.6.9
MEDIUM5.9Concurrent Execution using Shared Resource with Improper Synchronization in Elasticsearch
from 0, < 6.8.2
MEDIUM5.9Improper Restriction of XML External Entity Reference in Elasticsearch
>= 6.5.0, < 6.5.2
MEDIUM5.7Elasticsearch: Insertion of Sensitive Information into Log File via reindex API
>= 7.0.0, < 8.18.8
MEDIUM5.7Denial of Service in Elasticsearch
from 0, < 6.8.17
MEDIUM5.3Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
>= 7.11.0, < 7.11.2
MEDIUM5.3Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
>= 6.7.0, < 6.8.4
MEDIUM5.3API information disclosure flaw in Elasticsearch
>= 7.0.0, < 7.11.2
MEDIUM5.2Elasticsearch Insertion of Sensitive Information into Log File
from 0, < 7.17.16
MEDIUM4.9Elasticsearch Vulnerable to Stack Overflow due to a Large Recursion
>= 7.17.0, < 7.17.24
MEDIUM4.9Elasticsearch stores private key on disk unencrypted
>= 8.0.0-alpha1, < 8.13.0
MEDIUM4.9Elasticsearch StackOverflow vulnerability
>= 8.13.1, < 8.14.0
MEDIUM4.9Elasticsearch Uncontrolled Resource Consumption vulnerability
>= 7.0.0, < 7.17.19
MEDIUM4.9Insertion of Sensitive Information into Log File in Elasticsearch
from 0, < 6.8.14
MEDIUM4.8Insufficiently Protected Credentials in Elasticsearch
>= 7.7.0, < 7.10.2
MEDIUM4.4Elasticsearch Incorrect Authorization vulnerability
>= 8.10.0, < 8.13.0
MEDIUM4.3Elasticsearch Uncaught Exception leading to crash
>= 8.4.0, < 8.11.1
MEDIUM4.3Elasticsearch privilege escalation
>= 7.16.0, < 7.17.1
MEDIUM4.3Exposure of Sensitive Information to an Unauthorized Actor
>= 7.6.0, < 7.11.0
MEDIUM4.1Elasticsearch allows insertion of sensitive information into log files when using deprecated URIs
>= 7.0.0, < 7.17.13
LOW3.1Privilege Context Switching Error in Elasticsearch
from 0, < 6.8.13
—Elasticsearch Incorrect Authorization vulnerability
>= 8.16.0, < 8.16.2
—elasticsearch - security update
from 0, < 1.4.5
—Cross-site scripting in Elasticsearch
from 0, < 1.4.0.Beta1
—Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch
from 0, < 1.6.1