Max CVSS | 6.5 | Min CVSS | 2.1 | Total Count | 2 |

| ID | CVSS | Summary | Last (major) update | Published |
|---|---|---|---|---|
| CVE-2020-7010 | 5.0 | Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the | 10-02-2024 - 03:00 | 03-06-2020 - 18:15 |
| CVE-2019-7616 | 4.0 | Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite.url configuration option to an | 03-03-2023 - 19:17 | 30-07-2019 - 22:15 |
| CVE-2019-7614 | 4.3 | A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header co | 03-03-2023 - 19:17 | 30-07-2019 - 22:15 |
| CVE-2019-7615 | 5.8 | A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by th | 03-03-2023 - 17:48 | 30-07-2019 - 22:15 |
| CVE-2020-7016 | 2.1 | Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive. | 16-11-2022 - 03:54 | 27-07-2020 - 18:15 |
| CVE-2020-7017 | 4.6 | In Kibana versions before 6.8.11 and 7.8.1 the region map visualization contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of | 07-10-2022 - 17:56 | 27-07-2020 - 18:15 |
| CVE-2020-7013 | 6.5 | Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead t | 26-06-2020 - 18:55 | 03-06-2020 - 18:15 |
| CVE-2020-7014 | 6.5 | The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able | 19-06-2020 - 11:15 | 03-06-2020 - 18:15 |
| CVE-2020-7015 | 3.5 | Kibana versions before 6.8.9 and 7.7.0 contain a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, | 05-06-2020 - 18:48 | 03-06-2020 - 18:15 |
| CVE-2020-7012 | 6.5 | Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to execute arbitrary code. | 05-06-2020 - 18:36 | 03-06-2020 - 18:15 |
| CVE-2020-7011 | 4.3 | Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is abl | 05-06-2020 - 18:11 | 03-06-2020 - 18:15 |
| CVE-2020-7009 | 6.5 | Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API ke | 09-04-2020 - 14:58 | 31-03-2020 - 19:15 |
| CVE-2019-7621 | 3.5 | Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations. An attacker with the ability to create coordinate map visualizations could create a malicious visualization. If another | 10-02-2020 - 21:53 | 18-12-2019 - 20:15 |
| CVE-2019-7617 | 6.4 | When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of t | 09-10-2019 - 23:52 | 22-08-2019 - 17:15 |