Lucene search
+L

33 matches found

CVE
CVE
added 2022/03/03 9:48 p.m.287 views

CVE-2022-23708

Affected software: Elasticsearch 7.17.0 (upgrade assistant) in which upgrading from 6.x to 7.x disables built‑in protections on the security index. Vulnerable component: upgrade assistant handling the upgrade path from 6.x to 7.x. Root cause: misconfiguration of protections during upgrade allows ...

4.3CVSS4.2AI score0.00909EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/03/03 9:48 p.m.21 views

CVE-2022-23708

A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “” index permissions access to this index...

4.3CVSS4.4AI score0.00909EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/03/03 12:0 a.m.13 views

PT-2022-16218 · Elastic · Elasticsearch

Name of the Vulnerable Software and Affected Versions: Elasticsearch versions 7.16 through 7.17.0 Description: A flaw was discovered in Elasticsearch's upgrade assistant, which occurs when upgrading from version 6.x to 7.x, disabling the in-built protections on the security index. This allows...

4.3CVSS4.3AI score0.00909EPSS
Exploits0References12
CNNVD
CNNVD
added 2022/03/01 12:0 a.m.8 views

Elasticsearch 安全漏洞

Elasticsearch is a set of open source distributed RESTful search engine built on Lucene from the Dutch company Elasticsearch. The product is mainly used in cloud computing and supports data indexing using JSON over HTTP. Elasticsearch is vulnerable to privilege permission and access control issue...

4.3CVSS5.2AI score0.00909EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2020/06/19 3:55 p.m.29 views

CVE-2020-7012

Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker...

6.5CVSS8.8AI score0.18211EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2020/06/08 12:0 a.m.36 views

Elastic Kibana 6.7.0 < 6.8.9, 7.x <= 7.6.2 Prototype Pollution Vulnerability - Linux

Kibana is prone to a prototype pollution vulnerability in the Upgrade Assistant. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.8CVSS8.6AI score0.18211EPSS
Exploits1References1
CNVD
CNVD
added 2020/06/04 12:0 a.m.5 views

Elasticsearch Kibana Code Injection Vulnerability (CNVD-2020-38065)

Elasticsearch Kibana is a suite of open source, browser-based analytics and search Elasticsearch dashboard tools from Elasticsearch Netherlands. A code injection vulnerability exists in Upgrade Assistant in Elasticsearch Kibana versions 6.7.0 through 6.8.8 and 7.0.0 through 7.6.2. An attacker can...

8.8CVSS7.7AI score0.18211EPSS
Exploits1References1
NVD
NVD
added 2020/06/03 6:15 p.m.20 views

CVE-2020-7012

Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker...

8.8CVSS8.8AI score0.18211EPSS
Exploits1References1
OSV
OSV
added 2020/06/03 6:15 p.m.23 views

CVE-2020-7012

Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker...

8.8CVSS7.7AI score
Exploits0References1
Prion
Prion
added 2020/06/03 6:15 p.m.28 views

Design/Logic Flaw

Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker...

6.5CVSS8.8AI score0.18211EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/06/03 5:55 p.m.83 views

CVE-2020-7012

CVE-2020-7012 affects Elastic Kibana; proto­type pollution in the Upgrade Assistant allows an authenticated attacker with write access to the Kibana index to trigger arbitrary code execution with the Kibana process privileges. Affected versions include Kibana 6.7.0–6.8.8 and 7.0.0–7.6.2 (per mult...

8.8CVSS8.7AI score0.18211EPSS
Exploits1References1Affected Software1
Elastic
Elastic
added 2020/06/03 2:14 p.m.9 views

Elastic Stack 6.8.9 and 7.7.0 security update

Kibana upgrade assistant prototype pollution flaw ESA-2020-05 Kibana versions between 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to...

8.8CVSS8AI score0.18211EPSS
Exploits1
Hacker One
Hacker One
added 2020/04/17 10:49 p.m.12 views

Elastic: Remote Code Execution on Cloud via latest Kibana 7.6.2

Summary: A prototype pollution in Kibana can be used to gain remote code execution. Description: There is a prototype pollution bug in the upgrade assistant's telemetry collector, via a dangerous usage of .set:...

0.4AI score
Exploits0
Rows per page
Query Builder