Known Vulnerabilities for products from Elasticsearch
Listed below are 14 of the newest known vulnerabilities associated with the vendor "Elasticsearch".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search, so that the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-5417 | Not Provided | | 2026-04-02 | 2026-04-02 |
| CVE-2026-4498 | Not Provided | | 2026-04-08 | 2026-04-09 |
| CVE-2020-7017 | In Kibana versions before 6.8.11 and 7.8.1 the region map visualization contains a stored XSS flaw. An attacker who is abl... | 6.7 - MEDIUM | 2020-07-27 | 2022-10-07 |
| CVE-2020-7016 | Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL t... | 4.8 - MEDIUM | 2020-07-27 | 2022-11-16 |
| CVE-2017-14730 | The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for use... | 7.8 - HIGH | 2017-09-25 | 2019-10-03 |
| CVE-2017-11480 | Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat... | 7.5 - HIGH | 2017-12-08 | 2019-10-09 |
| CVE-2017-11479 | Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obt... | 6.1 - MEDIUM | 2017-09-29 | 2020-08-14 |
| CVE-2017-8446 | The Reporting feature in X-Pack in versions prior to 5.5.2 and standalone Reporting plugin versions prior to 2.4.6 h... | 5.3 - MEDIUM | 2017-08-18 | 2019-10-09 |
| CVE-2017-8444 | The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 does not properly encrypt traffic to ZooKeeper. If an ... | 5.9 - MEDIUM | 2017-09-29 | 2019-10-09 |
| CVE-2016-10362 | Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP... | 6.5 - MEDIUM | 2017-06-16 | 2019-10-09 |
| CVE-2015-5619 | Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS... | 5.9 - MEDIUM | 2017-08-09 | 2019-06-17 |
| CVE-2015-5531 | Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecifi... | 5 - MEDIUM | 2015-08-17 | 2018-10-09 |
| CVE-2015-5378 | Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder ... | 7.5 - HIGH | 2017-06-27 | 2019-06-17 |
| CVE-2015-4165 | The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and e... | 7.5 - HIGH | 2017-08-09 | 2018-10-09 |
| CVE-2015-3337 | Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows... | 4.3 - MEDIUM | 2015-05-01 | 2015-06-25 |
| CVE-2014-6439 | Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attacker... | 4.3 - MEDIUM | 2014-10-10 | 2018-10-09 |
Known software with vulnerabilities from Elasticsearch
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Elasticsearch | Elasticsearch | 1.1.1 |
| Application | Elasticsearch | Kibana | 0.10.0 |
| Application | Elasticsearch | Logstash | 1.0.14 |
| Application | Elasticsearch | Packetbeat | 0.1.0 |