The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Elasticsearch

Elasticsearch: information disclosure via API Key Username Disclosure
An attacker can bypass access restrictions to data via API Key Username Disclosure of Elasticsearch, in order to obtain sensitive information...
CVE-2019-7619, ESA-2019-13, VIGILANCE-VUL-30712
Elasticsearch: information disclosure via Response Headers
An attacker can bypass access restrictions to data via Response Headers of Elasticsearch, in order to obtain sensitive information...
CVE-2019-7614, ESA-2019-07, VIGILANCE-VUL-29915
Elasticsearch: information disclosure via Opt-out Query Cache
An attacker can bypass access restrictions to data via Opt-out Query Cache of Elasticsearch, in order to obtain sensitive information...
VIGILANCE-VUL-29204
Elasticsearch: privilege escalation via Restricted Index
An attacker can bypass restrictions via Restricted Index of Elasticsearch, in order to escalate his privileges...
CVE-2019-7611, ESA-2019-04, VIGILANCE-VUL-28565
Elasticsearch: external XML entity injection via find_file_structure API
An attacker can transmit malicious XML data via find_file_structure API to Elasticsearch, in order to read a file, scan sites, or trigger a denial of service...
CVE-2018-17247, VIGILANCE-VUL-27969
Elasticsearch: information disclosure via User Data Caching
An attacker can bypass access restrictions to data via User Data Caching of Elasticsearch, in order to obtain sensitive information...
CVE-2018-17244, VIGILANCE-VUL-27713
Elasticsearch: information disclosure via _cluster/settings API
An attacker can bypass access restrictions to data via _cluster/settings API of Elasticsearch, in order to obtain sensitive information...
CVE-2018-3831, VIGILANCE-VUL-27266
Elasticsearch: information disclosure via Remote Cluster Thread Context
An attacker can bypass access restrictions to data via Remote Cluster Thread Context of Elasticsearch, in order to obtain sensitive information...
VIGILANCE-VUL-26642
Elasticsearch: information disclosure via repository-azure
An attacker can bypass access restrictions to data via repository-azure of Elasticsearch, in order to obtain sensitive information...
CVE-2018-3827, VIGILANCE-VUL-26431
Elasticsearch: information disclosure via _snapshot API
An attacker can bypass access restrictions to data via _snapshot API of Elasticsearch, in order to obtain sensitive information...
CVE-2018-3826, ESA-2018-10, VIGILANCE-VUL-26430
Our database contains other pages. You can request a free trial to read them.

Display information about Elasticsearch: