Design/Logic Flaw
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that...
PT-2021-14869 · Elastic · Elasticsearch
Name of the Vulnerable Software and Affected Versions: Elasticsearch versions prior to 7.13.3 Elasticsearch versions prior to 6.8.17 Description: An uncontrolled recursion issue in the Elasticsearch Grok parser could lead to a denial of service attack. A user who can submit arbitrary queries to...
ElasticSearch 7.13.3 - Memory disclosure Exploit
Exploit Title: ElasticSearch 7.13.3 - Memory disclosure Exploit Author: r0ny Vendor Homepage: https://www.elastic.co/ Software Link: https://github.com/elastic/elasticsearch Version: 7.10.0 to 7.13.3 Tested on: Kali Linux CVE : CVE-2021-22145 /usr/bin/python3 from argparse import ArgumentParser...
ElasticSearch 7.13.3 Memory Disclosure
Exploit Title: ElasticSearch 7.13.3 - Memory disclosure Date: 21/07/2021 Exploit Author: r0ny Vendor Homepage: https://www.elastic.co/ Software Link: https://github.com/elastic/elasticsearch Version: 7.10.0 to 7.13.3 Tested on: Kali Linux CVE : CVE-2021-22145 /usr/bin/python3 from argparse import...
Elastic Elasticsearch Memory Disclosure Vulnerability (ESA-2021-16)
Elasticsearch is prone to a memory disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Elasticsearch 7.13.3 and 6.8.17 Security Update
Elasticsearch Denial of Service issue ESA-2021-15 An uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that wi...
CSRF via Logging and Profiling feature - CVE-2019-20415
Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. Affected versions: version 7.13.3 8.0.0 ≤ version 8.1.0 Fixed versions: 7.13.3 8.1.0...
Atlassian Jira 7.6.x < 7.6.13, 7.7.0 < 7.13.3, 8.x < 8.1.1 Information Disclosure Vulnerability
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is potentially affected by an information disclosure vulnerability in the ManageFilters.jspa resource due to incorrect authorization checks. An unauthenticated, remote attacker can exploi...
Atlassian Jira Username Enumeration Vulnerability
Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A username enumeration vulnerability exists in Atlassian Jira versions prior to 7.13.3, 8.0.4, and 8.1.1, which can be exploited...