ROOT-APP-MAVEN-CVE-2025-68384 CVE-2025-68384 in io.root.org.elasticsearch.plugin:x-pack-security - Patched by Root

Root has patched CVE-2025-68384 in the io.root.org.elasticsearch.plugin:x-pack-security package for Root:Maven. Multiple fixed versions available...

Denial Of Service (DoS)

org.elasticsearch.plugin, x-pack-security is vulnerable to Denial of Service DoS. The vulnerability is due to the lack of limits or throttling on user settings data allocation, which allows a low-privileged authenticated attacker to submit oversized data and trigger excessive memory allocation...

net.sc8s:elastic-testkit_2.13 (>=0.102.0 <=0.108.0), org.elasticsearch.plugin:transport-netty4 (>=9.0.0 <=9.1.10) +4 more potentially affected by CVE-2025-37731 via org.elasticsearch:elasticsearch-ssl-config (>=9.0.0-beta1 <=9.1.7)

org.elasticsearch:elasticsearch-ssl-config MAVEN version =9.0.0-beta1, =0.102.0, =9.0.0, =9.0.0, =9.1.4, =9.0.0, =9.0.0, =9.1.10 Source cves: CVE-2025-37731 Source advisory: SNYK:JAVA-ORGELASTICSEARCH-14417579...

EUVD-2017-17392

Malware in sbrugna...

EUVD-2018-15610

Malware in sbrugna...

EUVD-2016-1546

Malware in sbrugna...

EUVD-2018-15607

Malware in sbrugna...

EUVD-2017-17389

Malware in sbrugna...

EUVD-2017-17396

Malware in sbrugna...

EUVD-2017-17399

Malware in sbrugna...

EUVD-2017-17397

Malware in sbrugna...

EUVD-2017-17394

Malware in sbrugna...

EUVD-2017-17400

Malware in sbrugna...

Information Disclosure

org.elasticsearch.plugin: x-pack-security is vulnerable to Information Disclosure. The vulnerability arises from the failure to enforce search restrictions during cross-cluster searches when an API key grants both search and replication rights to an index, which allows an attacker to access...

Information Disclosure

x-pack-security is vulnerable to information disclosure. When a user runs the same query as queried by another more privileged user, the scrolling search can leak fields that should be hidden, resulting in the user gaining additional permissions against a restricted index...

Elasticsearch ESA-2017-09

X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias. C Tenable Netwo...

Elasticsearch ESA-2017-10

Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an authenticated...

Elasticsearch ESA-2017-03

When merging multiple rules with field level security rules for the same index, X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules. C Tenable Network Security, Inc. include'compat.inc'; if...

Elasticsearch ESA-2018-07

X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary...

Elasticsearch ESA-2017-18

An error was found in the X-Pack Security privilege enforcement. If a user has either delete or index permissions on an index in a cluster, they may be able to issue both delete and index requests against that index. C Tenable Network Security, Inc. include"compat.inc"; if description...