Max CVSS 6.5 Min CVSS 2.1 Total Count 2
ID | CVSS | Summary | Last (major) update | Published
CVE-2020-7010 5.0
Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the
10-02-2024 - 03:00 03-06-2020 - 18:15
CVE-2019-7616 4.0
Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite.url configuration option to an
03-03-2023 - 19:17 30-07-2019 - 22:15
CVE-2019-7614 4.3
A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header co
03-03-2023 - 19:17 30-07-2019 - 22:15
CVE-2019-7615 5.8
A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by th
03-03-2023 - 17:48 30-07-2019 - 22:15
CVE-2020-7016 2.1
Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.
16-11-2022 - 03:54 27-07-2020 - 18:15
CVE-2020-7017 4.6
In Kibana versions before 6.8.11 and 7.8.1 the region map visualization contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of
07-10-2022 - 17:56 27-07-2020 - 18:15
CVE-2020-7013 6.5
Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead t
26-06-2020 - 18:55 03-06-2020 - 18:15
CVE-2020-7014 6.5
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able
19-06-2020 - 11:15 03-06-2020 - 18:15
CVE-2020-7015 3.5
Kibana versions before 6.8.9 and 7.7.0 contain a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions,
05-06-2020 - 18:48 03-06-2020 - 18:15
CVE-2020-7012 6.5
Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to execute arbitrary code.
05-06-2020 - 18:36 03-06-2020 - 18:15
CVE-2020-7011 4.3
Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is abl
05-06-2020 - 18:11 03-06-2020 - 18:15
CVE-2020-7009 6.5
Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API ke
09-04-2020 - 14:58 31-03-2020 - 19:15
CVE-2019-7621 3.5
Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations. An attacker with the ability to create coordinate map visualizations could create a malicious visualization. If another
10-02-2020 - 21:53 18-12-2019 - 20:15
CVE-2019-7617 6.4
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of t
09-10-2019 - 23:52 22-08-2019 - 17:15