Lucene search
11 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-17148

Malware in sbrugna...

CVSS 9.3 | AI score 8.9 | EPSS 0.03876
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2021-9288

Malicious code in bioql PyPI...

CVSS 3.6 | AI score 4.9 | EPSS 0.00282
Exploits: 0 | References: 2

SUSE CVE
added 2023/02/15 4:45 a.m., 3 views

SUSE CVE-2017-8438

Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the runas functionality. This bug prevents transitioning into the specified user specified in a runas request. If a role has been created using a template that contains the user properties, the behavior of runas...

CVSS 8.8 | AI score 8.7 | EPSS 0.01025
Exploits: 0 | References: 3

Cvelist
added 2021/05/13 5:35 p.m., 42 views

CVE-2021-22136

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...

AI score 4.1 | EPSS 0.00282
Exploits: 0 | References: 1

RedhatCVE
added 2021/03/25 3:23 p.m., 34 views

CVE-2021-22136

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...

CVSS 4 | AI score 3.4 | EPSS 0.00282
Exploits: 0 | References: 4

BDU FSTEC
added 2019/12/22 12:0 a.m., 3 views

The vulnerability of the xpack.security.audit.enabled component of the Kibana data visualization service allows a perpetrator to execute arbitrary commands.

The vulnerability of the xpack.security.audit.enabled component of the Kibana data visualization service is related to insufficient validation of arguments passed to commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

CVSS 9 | AI score 8 | EPSS 0.03876
Exploits: 0 | References: 5 | Affected Software: 2

Veracode
added 2019/07/08 4:20 p.m., 30 views

Privilege Escalation

elasticsearch is vulnerable to privilege escalation. An attacker is able to gain additional permissions against a restricted index due to failure to perform certain permission checks when xpack.security.dlsfls.enabled is configured with false value in the elasticsearch.yml file...

CVSS 8.1 | AI score 7.9 | EPSS 0.02149
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2019/03/26 4:6 a.m., 27 views

Arbitrary Code Execution

kibana is vulnerable to arbitrary code execution. The vulnerability exists due to a flaw which allows an attacker to send a malicious request to execute Javascript code since xpack.security.audit.enabled in the kibana.yml is set to true by default, leading to arbitrary code execution on the host...

CVSS 9 | AI score 9.5 | EPSS 0.03876
Exploits: 0 | References: 4 | Affected Software: 1

ArchLinux
added 2019/02/25 12:0 a.m., 33 views

[ASA-201902-27] elasticsearch: privilege escalation

Arch Linux Security Advisory ASA-201902-27

Severity: High
Date    : 2019-02-25
CVE-ID  : CVE-2019-7611
Package : elasticsearch
Type    : privilege escalation
Remote  : Yes
Link    : https://security.archlinux.org/AVG-912

Summary: The package elasticsearch...

CVSS 8.1 | AI score 1.3 | EPSS 0.02149
Exploits: 0 | References: 3

OSV
added 2018/03/30 8:29 p.m., 6 views

CVE-2018-3822

X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary...

CVSS 9.8 | AI score 5.8 | EPSS 0.01598
Exploits: 0 | References: 1

OSV
added 2017/06/05 2:29 p.m., 2 views

CVE-2017-8441

Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias...

CVSS 4.3 | AI score 5.8 | EPSS 0.00733
Exploits: 0 | References: 3