EUVD-2022-3523
Malicious code in bioql PyPI...
CVE-2024-12539 Elasticsearch Incorrect Authorization
An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow...
CVE-2024-37288
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools (https://www.elastic.co/guide/en/security/current/ai-for-security.html) and...
Elastic Elasticsearch Security < 5.6.15 / 6.x < 6.6.1 Permission Issue (ESA-2019-04)
Elasticsearch Security is prone to a permission issue.
CVE-2018-17244
CVE-2018-17244 affects Elasticsearch Security versions 6.4.0–6.4.2 where request headers may be misapplied during concurrent authentication across AD/LDAP/Native/File realms, causing a run-as to impersonate another user and potentially access restricted information. The connected documents refere...
CVE-2018-17247
Elasticsearch Security 6.5.0/6.5.1 are affected by an XXE in Machine Learning’s find_file_structure API. The root cause is an XML External Entity vulnerability when a policy allowing external network access is present in the Java Security Manager, enabling a crafted request to leak local file con...