Vulnerabilities in Elastic

233 results
CVE-2017-8449: X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant (EPSS 0.8%)
CVE-2015-9056: Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to an XSS attack. (EPSS 0.8%)
CVE-2020-7015: Kibana versions before 6.8.9 and 7.7.0 contain a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSV (EPSS 0.8%)
CVE-2018-3829: In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an inva (EPSS 0.8%)
CVE-2022-23710: A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which co (EPSS 0.7%)
CVE-2017-11482: The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redi (EPSS 0.7%)
CVE-2018-3821: Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that co (EPSS 0.7%)
CVE-2017-8441: Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug (EPSS 0.7%)
CVE-2021-37937 [MEDIUM]: Elasticsearch privilege escalation (EPSS 0.7%)
CVE-2021-22151 [LOW]: Kibana path traversal issue (EPSS 0.7%)
CVE-2021-37938: It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf file (EPSS 0.7%)
CVE-2022-23713: A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be (EPSS 0.7%)
CVE-2017-8446: The Reporting feature in X-Pack in versions prior to 5.5.2 and standalone Reporting plugin versions prior to 2.4.6 had an impersona (EPSS 0.7%)
CVE-2018-3826: In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. When the access_key and security_key parame (EPSS 0.7%)
CVE-2018-3820: Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attac (EPSS 0.7%)
CVE-2024-23449 [MEDIUM]: Elasticsearch Uncaught Exception (EPSS 0.7%)
CVE-2022-23715: A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearc (EPSS 0.7%)
CVE-2023-31422 [CRITICAL]: Kibana Insertion of Sensitive Information into Log File (EPSS 0.7%)
CVE-2023-46671 [HIGH]: Kibana Insertion of Sensitive Information into Log File (EPSS 0.7%)
CVE-2019-7621: Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations. An attacke (EPSS 0.7%)