The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Elasticsearch

Elasticsearch: information disclosure via emit_request_body
An attacker can bypass access restrictions to data via emit_request_body of Elasticsearch, in order to obtain sensitive information...
CVE-2020-7021, ESA-2021-03, ESA-2021-04, VIGILANCE-VUL-34552
Elasticsearch: information disclosure via Async Search API
An attacker can bypass access restrictions to data via Async Search API of Elasticsearch, in order to obtain sensitive information...
CVE-2021-22132, ESA-2021-01, VIGILANCE-VUL-34353
Elasticsearch: information disclosure via Document/Field Level Security
An attacker can bypass access restrictions to data via Document/Field Level Security of Elasticsearch, in order to obtain sensitive information...
CVE-2020-7020, VIGILANCE-VUL-33679
Elasticsearch: information disclosure via Scrolling Search Field Level Security
An attacker can bypass access restrictions to data via Scrolling Search Field Level Security of Elasticsearch, in order to obtain sensitive information...
CVE-2020-7019, ESA-2020-12, VIGILANCE-VUL-33102
Elasticsearch: privilege escalation via API Key Privilege
An attacker can bypass restrictions via API Key Privilege of Elasticsearch, in order to escalate his privileges...
CVE-2020-7014, VIGILANCE-VUL-32434
Elasticsearch: privilege escalation via API Key
An attacker can bypass restrictions via API Key of Elasticsearch, in order to escalate his privileges...
CVE-2020-7009, VIGILANCE-VUL-31918
Elasticsearch: information disclosure via API Key Username Disclosure
An attacker can bypass access restrictions to data via API Key Username Disclosure of Elasticsearch, in order to obtain sensitive information...
CVE-2019-7619, ESA-2019-13, VIGILANCE-VUL-30712
Elasticsearch: information disclosure via Response Headers
An attacker can bypass access restrictions to data via Response Headers of Elasticsearch, in order to obtain sensitive information...
CVE-2019-7614, ESA-2019-07, VIGILANCE-VUL-29915
Elasticsearch: information disclosure via Opt-out Query Cache
An attacker can bypass access restrictions to data via Opt-out Query Cache of Elasticsearch, in order to obtain sensitive information...
VIGILANCE-VUL-29204
Elasticsearch: privilege escalation via Restricted Index
An attacker can bypass restrictions via Restricted Index of Elasticsearch, in order to escalate his privileges...
CVE-2019-7611, ESA-2019-04, VIGILANCE-VUL-28565
Our database contains other pages. You can request a free trial to read them.

Display information about Elasticsearch: