Elastic

All CVEs

258 total · sorted by risk
  • CVE-2015-1427 · Critical · KEV · Feb 17, 2015
    risk 0.87 · cvss 9.8 · epss 1.00

    The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.

  • CVE-2014-3120 · High · KEV · Jul 28, 2014
    risk 0.68 · cvss 8.1 · epss 0.89

    The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user…

  • CVE-2018-3822 · Critical · Mar 30, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with…

  • CVE-2024-52975 · Critical · Jan 23, 2025
    risk 0.59 · cvss 9.0 · epss 0.00

    An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled.

  • CVE-2015-5377 · Critical · Mar 6, 2018
    risk 0.58 · cvss 9.8 · epss 0.15

    Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability

  • CVE-2018-3831 · High · Sep 19, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens,…

  • CVE-2017-8448 · High · Sep 29, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    An error was found in the permission model used by X-Pack Alerting 5.0.0 to 5.6.0 whereby users mapped to certain built-in roles could create a watch that results in that user gaining elevated privileges.

  • CVE-2016-1000218 · High · Jun 16, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page.

  • CVE-2017-8438 · High · Jun 5, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transitioning into the specified user specified in a run_as request. If a role has been created using a template that contains the _user properties,…

  • CVE-2018-3827 · High · Sep 19, 2018
    risk 0.53 · cvss 8.1 · epss 0.01

    A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. When the repository-azure plugin is set to log at TRACE level Azure credentials can be inadvertently logged.

  • CVE-2017-14730 · High · Sep 25, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link.

  • CVE-2018-3828 · High · Sep 19, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An…

  • CVE-2015-4165 · High · Aug 9, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application…

  • CVE-2015-5378 · High · Jun 27, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server.

  • CVE-2017-8452 · High · Jun 16, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    In Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes.

  • CVE-2017-8450 · High · Jun 16, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    X-Pack 5.1.1 did not properly apply document and field level security to multi-search and multi-get requests so users without access to a document and/or field may have been able to access this information.

  • CVE-2016-10363 · High · Jun 16, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    In Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled…

  • CVE-2016-1000222 · High · Jun 16, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    In Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data.

  • CVE-2016-1000219 · High · Jun 16, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    In Kibana before 4.5.4 and 4.1.11, when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as…

  • CVE-2026-33466 · High · Apr 8, 2026
    risk 0.46 · cvss 8.1 · epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal (CAPEC-139). The archive extraction utilities used by Logstash do not properly validate file paths…

  • CVE-2025-37735 · High · Nov 6, 2025
    risk 0.46 · cvss 7.0 · epss 0.00

    Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation.

  • CVE-2025-25011 · High · Jul 30, 2025
    risk 0.46 · cvss 7.0 · epss 0.00

    An uncontrolled search path element vulnerability can lead to local privilege escalation (LPE) via insecure directory permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete…

  • CVE-2025-0712 · High · Jul 30, 2025
    risk 0.46 · cvss 7.0 · epss 0.00

    An uncontrolled search path element vulnerability can lead to local privilege escalation (LPE) via insecure directory permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete…

  • CVE-2026-42398 · High · May 28, 2026
    risk 0.43 · cvss 7.7 · epss 0.00

    Server-Side Request Forgery (CWE-918) in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Kibana to issue outbound…

  • CVE-2026-4498 · High · Apr 8, 2026
    risk 0.43 · cvss 7.7 · epss 0.00

    Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead to reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse (CAPEC-122). This requires an authenticated Kibana user with Fleet sub-feature privileges…

  • CVE-2026-33461 · High · Apr 8, 2026
    risk 0.43 · cvss 7.7 · epss 0.00

    Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse (CAPEC-122). A user with limited Fleet privileges can exploit an internal API endpoint to retrieve sensitive configuration data, including private keys and authentication tokens,…

  • CVE-2026-49095 · Medium · May 28, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Improper Input Validation (CWE-20) in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into a configuration override mechanism…

  • CVE-2026-33464 · Medium · May 28, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to an internal Kibana API, causing the Kibana process…

  • CVE-2026-0529 · Medium · Jan 14, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Improper Validation of Array Index (CWE-129) in Packetbeat’s MongoDB protocol parser can allow an attacker to cause Overflow Buffers (CAPEC-100) through specially crafted network traffic. This requires an attacker to send a malformed payload to a monitored network interface…

  • CVE-2025-37730 · Medium · May 6, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in “client” mode, as hostname verification in TCP output was not being performed when the ssl_verification_mode => full was set.

  • CVE-2025-25013 · Medium · Apr 8, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack.

  • CVE-2018-3826 · Medium · Sep 19, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. When the access_key and security_key parameters are set using the _snapshot API they can be exposed as plain text by users able to query the _snapshot API.

  • CVE-2018-3817 · Medium · Mar 30, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information.

  • CVE-2017-11480 · High · Dec 8, 2017
    risk 0.42 · cvss 7.5 · epss 0.01

    Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, the attacker could prevent Packetbeat…

  • CVE-2017-8447 · Medium · Sep 29, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an index in a cluster, they may be able to issue both delete and index requests against that index.

  • CVE-2017-8442 · Medium · Jul 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an…

  • CVE-2017-8443 · Medium · Jun 30, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in the URL bar. The…

  • CVE-2016-10364 · Medium · Jun 16, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service; any authenticated user could make requests to those services regardless of their own permissions.

  • CVE-2016-10362 · Medium · Jun 16, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    Prior to Logstash version 5.0.1, the Elasticsearch Output plugin, when updating connections after sniffing, would log HTTP basic auth credentials to file.

  • CVE-2016-1000221 · High · Jun 16, 2017
    risk 0.42 · cvss 7.5 · epss 0.02

    In Logstash prior to version 2.3.4, the Elasticsearch Output plugin would log to file HTTP authorization headers, which could contain sensitive information.

  • CVE-2018-3830 · Medium · Sep 19, 2018
    risk 0.40 · cvss 6.1 · epss 0.02

    Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

  • CVE-2018-3824 · Medium · Sep 19, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to…

  • CVE-2018-3821 · Medium · Mar 30, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

  • CVE-2018-3820 · Medium · Mar 30, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

  • CVE-2018-3819 · Medium · Mar 30, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.

  • CVE-2018-3818 · Medium · Mar 30, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

  • CVE-2017-11482 · Medium · Dec 8, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.

  • CVE-2017-11481 · Medium · Dec 8, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

  • CVE-2017-11479 · Medium · Sep 29, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

  • CVE-2017-8451 · Medium · Jun 16, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.

Page 1 of 6