Vulnerabilities in Elastic
233 results

CVE-2016-10364 | — | With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL serv | EPSS 1.0%
CVE-2020-7011 | — | Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the | EPSS 1.0%
CVE-2023-31415 | CRITICAL | Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send | EPSS 1.0%
CVE-2024-23450 | MEDIUM | Elasticsearch Uncontrolled Resource Consumption vulnerability | EPSS 0.9%
CVE-2016-10366 | — | Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (XSS) attack. | EPSS 0.9%
CVE-2021-22149 | — | Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alte | EPSS 0.9%
CVE-2021-22148 | — | Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as | EPSS 0.9%
CVE-2017-8442 | — | Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configurat | EPSS 0.9%
CVE-2017-8451 | — | With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to c | EPSS 0.9%
CVE-2018-3818 | — | Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an | EPSS 0.9%
CVE-2022-23708 | — | A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built pro | EPSS 0.9%
CVE-2022-38778 | MEDIUM | A flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a requ | EPSS 0.9%
CVE-2018-3824 | — | X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject dat | EPSS 0.9%
CVE-2022-23711 | — | A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Elastic Stack mo | EPSS 0.9%
CVE-2017-8450 | — | X-Pack 5.1.1 did not properly apply document and field level security to multi-search and multi-get requests so users without access to a do | EPSS 0.9%
CVE-2018-3819 | — | The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect | EPSS 0.9%
CVE-2021-37940 | — | An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterpri | EPSS 0.8%
CVE-2017-8448 | — | An error was found in the permission model used by X-Pack Alerting 5.0.0 to 5.6.0 whereby users mapped to certain built-in roles could creat | EPSS 0.8%
CVE-2023-46673 | MEDIUM | It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when | EPSS 0.8%
CVE-2017-11481 | — | Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtai | EPSS 0.8%