cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12539,https://securityvulnerability.io/vulnerability/CVE-2024-12539,Security Flaw in Elasticsearch Exposing Sensitive Documents,"CVE-2024-12539 is a significant vulnerability identified in Elastic's Elasticsearch, where improper authorization controls can be exploited. This flaw allows a malicious user to bypass Document Level Security, granting them access to sensitive documents that their user roles should restrict. Such a security gap poses a severe risk to data privacy and integrity, potentially exposing organizations to unauthorized access and data breaches.",Elastic,Elasticsearch,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-12-17T20:50:04.968Z,0
CVE-2024-23444,https://securityvulnerability.io/vulnerability/CVE-2024-23444,Unencrypted Private Keys Generated by elasticsearch-certutil CLI Tool,"A security flaw was identified in the elasticsearch-certutil CLI tool, specifically when utilizing the csr option to generate new Certificate Signing Requests. The vulnerability arises as the corresponding private key is saved unencrypted on disk, exposing it to potential unauthorized access, even in cases where the --pass parameter is included in the command. This oversight may lead to unauthorized use of sensitive data, posing significant risks to security.",Elastic,Elasticsearch,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-07-31T17:26:12.784Z,0
CVE-2023-49921,https://securityvulnerability.io/vulnerability/CVE-2023-49921,Elastic Addresses Security Issue in Watcher,"An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by removing this excessive logging. This issue only affects users that use Watcher and have a Watch defined that uses the search input and additionally have set the search input’s logger to DEBUG or finer, for example using: org.elasticsearch.xpack.watcher.input.search, org.elasticsearch.xpack.watcher.input, org.elasticsearch.xpack.watcher, or wider, since the loggers are hierarchical.",Elastic,Elasticsearch,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-07-26T05:10:33.913Z,0
CVE-2024-37280,https://securityvulnerability.io/vulnerability/CVE-2024-37280,Elasticsearch Document Ingest Vulnerability,"A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of Service. Note that passthrough fields is an experimental feature.",Elastic,Elasticsearch,4.9,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-06-13T16:26:57.983Z,0
CVE-2024-23445,https://securityvulnerability.io/vulnerability/CVE-2024-23445,Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions,"It was identified that if a  cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.html#security-api-create-cross-cluster-api-key-request-body  restricts search for a given index using the query or the field_security parameter, and the same cross-cluster API key also grants replication for the same index, the search restrictions are not enforced during cross cluster search operations and search results may include documents and terms that should not be returned.

This issue only affects the  API key based security model for remote clusters https://www.elastic.co/guide/en/elasticsearch/reference/8.14/remote-clusters.html#remote-clusters-security-models  that was previously a beta feature and is released as GA with 8.14.0",Elastic,Elasticsearch,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-12T14:15:00.000Z,0
CVE-2024-23449,https://securityvulnerability.io/vulnerability/CVE-2024-23449,Elasticsearch Ingest Node Crashes When Parsing Encrypted PDFs,An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypted PDF files.,Elastic,Elasticsearch,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-03-29T11:12:49.067Z,0
CVE-2024-23451,https://securityvulnerability.io/vulnerability/CVE-2024-23451,Incorrect Authorization in Remote Cluster Security Could Allow Malicious Access to Arbitrary Documents,"Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to read arbitrary documents from any index on the remote cluster, and only if they use the Elasticsearch custom transport protocol to issue requests with the target index ID, the shard ID and the document ID. None of Elasticsearch REST API endpoints are affected by this issue.",Elastic,Elasticsearch,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-03-27T18:03:25.802Z,0
CVE-2024-23450,https://securityvulnerability.io/vulnerability/CVE-2024-23450,Elasticsearch Crashes Due to Deeply Nested Pipeline Processing,"A flaw has been identified in Elasticsearch that impacts its stability during the processing of documents in deeply nested pipelines on ingest nodes. When such documents are processed, it can lead to a crash of the Elasticsearch node, interrupting service and potentially causing data unavailability.",Elastic,Elasticsearch,7.5,HIGH,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-03-27T17:03:48.290Z,0
CVE-2023-46674,https://securityvulnerability.io/vulnerability/CVE-2023-46674,Elasticsearch-hadoop Unsafe Deserialization,"An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue.
",Elastic,Elasticsearch-hadoop,6,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-12-05T18:15:00.000Z,0
CVE-2023-46673,https://securityvulnerability.io/vulnerability/CVE-2023-46673,Script Processor Vulnerability in Elasticsearch by Elastic,"A vulnerability has been identified in the script processor of the Ingest Pipeline in Elasticsearch, where malformed scripts can cause an Elasticsearch node to crash while executing the Simulate Pipeline API. This situation may result in service disruptions, underscoring the importance of ensuring script integrity before use.",Elastic,Elasticsearch,7.5,HIGH,0.0008800000068731606,false,,false,false,false,,,false,false,,2023-11-22T10:15:00.000Z,0
CVE-2021-37937,https://securityvulnerability.io/vulnerability/CVE-2021-37937,Elasticsearch privilege escalation,"An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account could escalate themselves to a super-user.",Elastic,Elasticsearch,5.9,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-11-22T01:45:21.008Z,0
CVE-2023-31419,https://securityvulnerability.io/vulnerability/CVE-2023-31419,Elasticsearch StackOverflow vulnerability,"A vulnerability has been identified in Elasticsearch's search API that permits an attacker to exploit a specially crafted query string. This flaw can lead to a stack overflow condition, which may result in denial of service, effectively making the affected Elasticsearch instances unresponsive. Users are encouraged to apply the latest security updates to mitigate this issue.",Elastic,Elasticsearch,7.5,HIGH,0.0020600000862032175,false,,false,false,true,2023-10-03T13:51:37.000Z,true,false,false,,2023-10-26T18:15:00.000Z,0
CVE-2023-31418,https://securityvulnerability.io/vulnerability/CVE-2023-31418,Elasticsearch uncontrolled resource consumption,"A vulnerability has been identified in Elasticsearch where unauthenticated users can disrupt the service. By sending a series of malformed HTTP requests, an attacker can trigger an OutOfMemory error causing the Elasticsearch node to terminate unexpectedly. Elastic Engineering has confirmed this issue but has found no evidence of exploitation in active environments. It is crucial for users to apply the necessary updates to mitigate this risk.",Elastic,Elasticsearch,7.5,HIGH,0.0012600000482052565,false,,false,false,false,,,false,false,,2023-10-26T18:15:00.000Z,0
CVE-2023-31417,https://securityvulnerability.io/vulnerability/CVE-2023-31417,Elasticsearch Insertion of sensitive information in audit logs,"Elasticsearch has a flaw that permits the exposure of sensitive information, such as passwords and tokens, in audit logs under specific conditions. While Elasticsearch is designed to filter out sensitive data before logging, this functionality fails with certain deprecated API URIs. Audit logging, which is disabled by default, must be enabled explicitly for this issue to become a concern. Even when logging is active, sensitive request bodies may only appear in logs if specifically configured, hence organizations need to be aware of these settings to prevent inadvertent data leaks.",Elastic,Elasticsearch,7.5,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-10-26T18:15:00.000Z,0
CVE-2022-23712,https://securityvulnerability.io/vulnerability/CVE-2022-23712,Denial of Service Vulnerability in Elasticsearch by Elastic,"A Denial of Service vulnerability exists in Elasticsearch, allowing unauthenticated attackers to disable an Elasticsearch node by sending a specifically crafted network request. This flaw could disrupt service availability, affecting applications relying on Elasticsearch for data storage and retrieval. Organizations using Elasticsearch must implement security patches to mitigate this vulnerability and maintain system uptime.",Elastic,Elasticsearch,7.5,HIGH,0.00203999993391335,false,,false,false,false,,,false,false,,2022-06-06T17:07:29.000Z,0
CVE-2022-23708,https://securityvulnerability.io/vulnerability/CVE-2022-23708,Security Flaw in Elasticsearch Upgrade Assistant Disabling Protections,"A security vulnerability has been identified in the upgrade assistant of Elasticsearch 7.17.0. During the upgrade process from version 6.x to 7.x, the built-in protections for the security index are inadvertently disabled. This flaw allows authenticated users with wildcard ('*') permissions on indices to gain unauthorized access to the sensitive security index, posing significant risks to data integrity and confidentiality.",Elastic,Elasticsearch,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-03-03T21:48:14.000Z,0
CVE-2021-22147,https://securityvulnerability.io/vulnerability/CVE-2021-22147,Security Flaw in Elasticsearch by Elastic,"A security issue in Elasticsearch prior to version 7.14.0 allows authenticated users to bypass document and field level security on searchable snapshots. This oversight can grant users unauthorized access to sensitive information, posing significant risks to data integrity and confidentiality. Organizations using affected versions should apply the necessary updates to secure their systems against potential exploitation.",Elastic,Elasticsearch,6.5,MEDIUM,0.0010900000343099236,false,,false,false,false,,,false,false,,2021-09-15T11:36:19.000Z,0
CVE-2021-22144,https://securityvulnerability.io/vulnerability/CVE-2021-22144,Uncontrolled Recursion Vulnerability in Elasticsearch Grok Parser,"In Elasticsearch, an uncontrolled recursion vulnerability was discovered in the Grok parser present in versions prior to 7.13.3 and 6.8.17. This flaw allows a malicious actor, capable of submitting arbitrary queries, to construct a specially crafted Grok query that could trigger a denial of service by crashing the Elasticsearch node. It is crucial for users of affected versions to apply the relevant updates to mitigate this risk.",Elastic,Elasticsearch,6.5,MEDIUM,0.0009699999936856329,false,,false,false,false,,,false,false,,2021-07-26T11:48:40.000Z,0
CVE-2021-22146,https://securityvulnerability.io/vulnerability/CVE-2021-22146,Elasticsearch Anonymous User Vulnerability in Elastic Cloud Enterprise by Elastic,"Elastic Cloud Enterprise includes a default setting that enables the 'anonymous' user for all deployed clusters. While this user is designed with no permissions, it poses a risk as an attacker can exploit this configuration to gather sensitive information regarding the architecture and details of the cluster. This vulnerability could potentially lead to more severe security issues if left unaddressed, allowing unauthorized insights into the system's structure.",Elastic,Elasticsearch,7.5,HIGH,0.1886100023984909,false,,false,false,true,2021-07-22T06:50:34.000Z,true,false,false,,2021-07-21T11:28:12.000Z,0
CVE-2021-22145,https://securityvulnerability.io/vulnerability/CVE-2021-22145,Memory Disclosure in Elasticsearch by Elastic,"A specific memory disclosure vulnerability exists in the error reporting of Elasticsearch versions 7.10.0 through 7.13.3. This flaw allows an attacker capable of submitting arbitrary queries to exploit the system by sending malformed queries. As a result, an error message generated may unintentionally include segments of a data buffer that can expose sensitive information, which may encompass Elasticsearch documents or authentication details. This vulnerability highlights the importance of secure query handling and the need for robust safeguards against data leaks.",Elastic,Elasticsearch,6.5,MEDIUM,0.9659500122070312,false,,false,false,true,2023-08-31T07:56:03.000Z,true,false,false,,2021-07-21T11:20:52.000Z,0
CVE-2021-22138,https://securityvulnerability.io/vulnerability/CVE-2021-22138,TLS Certificate Validation Flaw in Logstash by Elastic,"A flaw has been identified in the monitoring feature of Logstash that affects certain versions. When a trusted server CA certificate is specified, Logstash fails to properly verify the returned certificate from the monitoring server. This vulnerability creates a potential risk for man-in-the-middle attacks, allowing unauthorized interception of monitoring data. The flaw is present in Logstash versions released after 6.4.0 and before version 6.8.15, as well as version 7.12.0, necessitating immediate attention to ensure secure communications.",Elastic,Elasticsearch,3.7,LOW,0.0005099999834783375,false,,false,false,false,,,false,false,,2021-05-13T17:35:19.000Z,0
CVE-2021-22137,https://securityvulnerability.io/vulnerability/CVE-2021-22137,Document Disclosure Flaw in Elasticsearch by Elastic,"A document disclosure flaw exists in Elasticsearch versions prior to 7.11.2 and 6.8.15 that compromises Document and Field Level Security. During specific cross-cluster search queries, the security permissions are not appropriately maintained, leading to unintended access. This may allow attackers to uncover the existence of sensitive documents and indices, even if they should not have permissions to view them, significantly raising the risk of data exposure.",Elastic,Elasticsearch,5.3,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2021-05-13T17:35:18.000Z,0
CVE-2021-22135,https://securityvulnerability.io/vulnerability/CVE-2021-22135,Document Disclosure Vulnerability in Elasticsearch by Elastic,"Elasticsearch versions prior to 7.11.2 and 6.8.15 exhibit a document disclosure flaw found in the suggester and profile API when Document and Field Level Security are enabled. While these APIs are typically disabled for an index with document level security, certain query patterns can inadvertently enable them. This unintended access may allow attackers to disclose the existence of sensitive documents and fields that should otherwise remain inaccessible.",Elastic,Elasticsearch,5.3,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2021-05-13T17:35:17.000Z,0
CVE-2021-22134,https://securityvulnerability.io/vulnerability/CVE-2021-22134,Document Disclosure Flaw in Elasticsearch by Elastic,"A document disclosure vulnerability in Elasticsearch affects versions after 7.6.0 and before 7.11.0, specifically when using Document or Field Level Security. This flaw allows for GET requests to bypass security permissions when querying documents that have been recently updated but not yet refreshed in the index. Consequently, attackers may gain visibility into documents and fields that they should not have access to, potentially leading to unauthorized disclosure of sensitive information.",Elastic,Elasticsearch,4.3,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2021-03-08T20:40:22.000Z,0
CVE-2020-7021,https://securityvulnerability.io/vulnerability/CVE-2020-7021,Information Disclosure Vulnerability in Elasticsearch by Elastic,"Elasticsearch versions prior to 7.10.0 and 6.8.14 experienced a significant information disclosure issue linked to audit logging when the emit_request_body option was enabled. This vulnerability allowed sensitive information, such as password hashes and authentication tokens, to be logged in the audit log. As a result, an Elasticsearch administrator could inadvertently access these details, potentially compromising data security. Organizations using affected versions should promptly update to mitigate the risks associated with this vulnerability.",Elastic,Elasticsearch,4.9,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2021-02-10T18:55:15.000Z,0