A memory disclosure vulnerability was identified in Elasticsearch’s error reporting in versions 7.10.0 up to 7.13.3. A user with the ability to submit...
|CVE-2021-22144||AVG-1638||Medium||Yes||Denial of service||
An uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser before versions 7.13.3...
A document disclosure flaw was found in Elasticsearch versions before 6.8.15 and 7.11.2 when Document or Field Level Security is used. Search queries do not...
In Elasticsearch versions before 7.11.2 and 6.8.15, a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and...
A document disclosure flaw was found in Elasticsearch before version 7.11.0 when Document or Field Level Security is used. Get requests do not properly...
|CVE-2021-44228||AVG-2620||Critical||Yes||Arbitrary code execution||
Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI...
A security issue has been found in Elasticsearch versions from 7.13.0 through 7.14.0. An issue was found with how API keys are created with the fleet-server...
|CVE-2021-22149||AVG-1884||High||Yes||Access restriction bypass||
A flaw in Elastic App Search in Elastic Enterprise Search versions prior to 7.14.0 was discovered where API keys were missing authorization via an alternate...
|CVE-2021-22148||AVG-1884||High||Yes||Access restriction bypass||
A flaw in Elastic App Search in Elastic Enterprise Search versions prior to 7.14.0 was discovered where API keys were not bound to the same engines as their...
A flaw was discovered in Elasticsearch versions 7.11.0 to 7.13.4 where document and field level security was not applied to searchable snapshots. This could...
|CVE-2021-22140||AVG-1884||Critical||Yes||XML external entity injection||
An XML External Entity Injection issue (XXE) was found in the App Search web crawler beta feature. Using this vector, an attacker whose website is being...
Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly...
A permission issue was found in Elasticsearch when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split...
|25 Feb 2019||ASA-201902-27||AVG-912||High||privilege escalation|