Known Vulnerabilities for Elasticsearch by Elastic
Listed below are 10 of the newest known vulnerabilities associated with "Elasticsearch" by "Elastic".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-23712 | A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibl... | 7.5 - HIGH | 2022-06-06 | 2022-10-05 |
| CVE-2022-23708 | A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable... | 4.3 - MEDIUM | 2022-03-03 | 2023-07-03 |
| CVE-2021-22147 | Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an au... | 6.5 - MEDIUM | 2021-09-15 | 2022-11-04 |
| CVE-2021-22146 | All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters. ... | 7.5 - HIGH | 2021-07-21 | 2022-07-12 |
| CVE-2021-22145 | A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability t... | 6.5 - MEDIUM | 2021-07-21 | 2022-05-10 |
| CVE-2021-22144 | In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of ser... | 6.5 - MEDIUM | 2021-07-26 | 2022-05-10 |
| CVE-2021-22137 | In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security... | 5.3 - MEDIUM | 2021-05-13 | 2022-11-04 |
| CVE-2021-22135 | Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester a... | 5.3 - MEDIUM | 2021-05-13 | 2021-09-07 |
| CVE-2021-22134 | A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Sec... | 4.3 - MEDIUM | 2021-03-08 | 2022-10-25 |
| CVE-2021-22132 | Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an a... | 4.8 - MEDIUM | 2021-01-14 | 2022-05-12 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Elastic | Elasticsearch | 7.9.2 | All | All | All |
| Application | Elastic | Elasticsearch | 7.9.0 | All | All | All |
| Application | Elastic | Elasticsearch | 7.8.1 | All | All | All |
| Application | Elastic | Elasticsearch | 7.8.0 | All | All | All |
| Application | Elastic | Elasticsearch | 7.7.1 | All | All | All |
| Application | Elastic | Elasticsearch | 7.7.0 | All | All | All |
| Application | Elastic | Elasticsearch | 7.6.2 | All | All | All |
| Application | Elastic | Elasticsearch | 7.6.1 | All | All | All |
| Application | Elastic | Elasticsearch | 7.6.0 | All | All | All |
| Application | Elastic | Elasticsearch | 7.5.2 | All | All | All |
| Application | Elastic | Elasticsearch | 7.5.1 | All | All | All |
| Application | Elastic | Elasticsearch | 7.5.0 | All | All | All |
| Application | Elastic | Elasticsearch | 7.4.2 | All | All | All |
| Application | Elastic | Elasticsearch | 7.4.1 | All | All | All |
| Application | Elastic | Elasticsearch | 7.4.0 | All | All | All |
| Application | Elastic | Elasticsearch | 7.3.2 | All | All | All |
| Application | Elastic | Elasticsearch | 7.3.1 | All | All | All |
| Application | Elastic | Elasticsearch | 7.3.0 | All | All | All |
| Application | Elastic | Elasticsearch | 7.2.1 | All | All | All |
| Application | Elastic | Elasticsearch | 7.2.0 | All | All | All |