Known Vulnerabilities for products from Search-guard
Listed below are 13 of the newest known vulnerabilities associated with the vendor "Search-guard".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40319 json | Not Provided | 2026-04-17 | 2026-04-17 | |
| CVE-2026-4819 json | In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging ... | Not Provided | 2026-03-31 | 2026-04-03 |
| CVE-2026-4818 json | In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privilege... | Not Provided | 2026-03-31 | 2026-04-03 |
| CVE-2026-4799 json | In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untruste... | Not Provided | 2026-03-31 | 2026-04-03 |
| CVE-2019-13423 json | Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could i... | 8.8 - HIGH | 2019-08-23 | 2020-10-08 |
| CVE-2019-13422 json | Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to... | 6.1 - MEDIUM | 2019-08-23 | 2019-10-09 |
| CVE-2019-13421 json | Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of othe... | 4.9 - MEDIUM | 2019-08-23 | 2019-10-09 |
| CVE-2019-13420 json | Search Guard versions before 21.0 had an timing side channel issue when using the internal user database. | 5.9 - MEDIUM | 2019-08-13 | 2021-09-14 |
| CVE-2019-13419 json | Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked. | 7.5 - HIGH | 2019-08-13 | 2019-10-09 |
| CVE-2019-13418 json | Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized. | 7.5 - HIGH | 2019-08-12 | 2023-03-02 |
| CVE-2019-13417 json | Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields w... | 5.3 - MEDIUM | 2019-08-12 | 2023-03-02 |
| CVE-2019-13416 json | Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always au... | 6.5 - MEDIUM | 2019-08-13 | 2020-10-08 |
| CVE-2019-13415 json | Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users can gain read... | 6.5 - MEDIUM | 2019-08-13 | 2020-10-08 |
| CVE-2018-20698 json | The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when ba... | 6.1 - MEDIUM | 2019-04-09 | 2020-08-24 |
Known software with vulnerabilities from Search-guard
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Search-guard | Search Guard | - |