248 matches found
Elastic Stack 6.8.2 and 7.2.1 security update
Elasticsearch race condition flaw ESA-2019-07 A race condition flaw was found in the response headers Elasticsearch returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from...
Elastic Stack 6.1.3 and 5.6.7 security update
Kibana incomplete fix for ESA-2017-23 ESA-2018-03 The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitra...
About the Security Announcements category
Security announcements for the Elastic stack. To report a security vulnerability, please follow the instructions on ourSecurity Issues page. Posting to this category is restricted to staff only...
Kibana 8.16.3, 8.17.2 Security Update (ESA-2026-51)
Authorization Bypass Through User-Controlled Key in Kibana Leading to Unauthorized Data Modification Authorization Bypass Through User-Controlled Key CWE-639 in Kibana can lead to unauthorized data modification via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain...
Elastic Package Registry 1.38.0 Security Update (ESA-2026-27)
Improper Verification of Cryptographic Signature in Elastic Package Registry Leading to Package Integrity Bypass Improper Verification of Cryptographic Signature CWE-347 in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the...
Kibana 8.19.13, 9.2.7, 9.3.2 Security Update (ESA-2026-20)
Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service Improper Validation of Specified Quantity in Input CWE-1284 in the Timelion visualization plugin in Kibana can lead Denial of Service via Excessive Allocation CAPEC-130. The vulnerability allows an...
Logstash 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-06)
Sensitive Information in Resource Not Removed Before Reuse in Logstash Leading to Access to Sensitive Information Dependency on Vulnerable Third-Party Component CWE-1395 exists in org.lz4:lz4-java decompression library used by logstash-integration-kafka plugin in Logstash that could allow an...
Kibana 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-36)
Kibana Allocation of Resources Without Limits or Throttling ESA-2025-36 Allocation of Resources Without Limits or Throttling CWE-770 in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation CAPEC-130 of computing resources and a denial of service DoS of the Kibana...
APM Server (Windows Installer) 8.16.3, 8.17.1 Security Update (ESA-2025-01)
APM Server Uncontrolled Search Path Element can lead to Local Privilege Escalation LPE when using the Windows Installer ESA-2025-01 An uncontrolled search path element vulnerability can lead to local privilege Escalation LPE via Insecure Directory Permissions. The vulnerability arises from improp...
Kibana 8.12.1 Security Update (ESA-2024-21)
Kibana Improper Authorization ESA-2024-21 Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint. Affected Versions: Kibana versions before and including 8.12.0. Solutions and Mitigations: The issue is resolved in versions 8.12.1. Fo...
Kibana 8.17.6, 8.18.1, or 9.0.1 Security Update (ESA-2025-07)
Kibana arbitrary code execution via prototype pollution ESA-2025-07 A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints. Affected Versions: 8.3.0 to 8.17.5, and 8.18.0, and 9.0.0 Affected...
Kibana 7.17.24 and 8.12.0 Security Update (ESA-2024-20)
Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS ESA-2024-20 Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser XSS via crafted HTML and JavaScript files. The attacker must have access to the Synthetic...
APM Server 8.16.1 Security Update (ESA-2024-41)
APM Server Insertion of Sensitive Information into Log File ESA-2024-41 APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the document, this could disclose sensitive information in APM Server error logs. Affected...
Elasticsearch 7.17.25 and 8.16.0 Security Update (ESA-2024-40)
Elasticsearch Uncontrolled Resource Consumption vulnerabilityESA-2024-40 Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash. Affected Versions:...
Logstash 8.15.3 Security Update (ESA-2024-38)
Logstash affected by CVE-2024-47561 in Apache Avro ESA-2024-38 On October 3, 2024, CVE-2024-47561 was published, which can lead to execution of arbitrary code. The issue only affects users using the Kafka integration plugin and only if a malicious schema is loaded through the schema registry...
Elasticsearch 7.17.24 and 8.15.1 Security Update (ESA-2024-37)
Elasticsearch Uncontrolled Resource Consumption vulnerability ESA-2024-37 An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow. Affected Versions: Elasticsearch versions 7.17....
Kibana 7.17.23 and 8.15.1 Security Update (ESA-2024-36)
Kibana Uncontrolled Resource Consumption vulnerability ESA-2024-36 An issue has been identified where a specially crafted request sent to an Observability API could cause the kibana server to crash. A successful attack requires a malicious user to have read permissions for Observability assigned ...
Logstash 8.15.3, 8.16.0 Security Update (ESA-2024-48)
Logstash Inefficient Regular Expression Complexity ESA-2024-48 On October 28th, 2024, Ruby announced CVE-2024-49761 in rexml which can lead to ReDoS when parsing XML that has many digits between & and x...; in a hex numeric character reference &x...;. The issue only affects users that use the...
Logstash 8.15.1 Security Update (ESA-2024-35)
Logstash Uncontrolled Resource Consumption vulnerability ESA-2024-35 On August 19, 2024, Floraison announced CVE-2024-43380, which affects fugit "natural" parser. The parser turns natural language into a cron date and was found to accept any length of input, causing an uncontrolled resource...
Elasticsearch 8.15.1 Security Update (ESA-2024-34)
Elasticsearch Uncontrolled Resource Consumption vulnerability ESA-2024-34 A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious...
Kibana 8.16.4 and 8.17.2 Security Update (ESA-2025-02)
Kibana Prototype Pollution can lead to code injection ESA-2025-02 Prototype Pollution in Kibana can lead to code injection via unrestricted file upload combined with path traversal. Affected Versions: Kibana versions 8.16.1 up to and including 8.16.3, and 8.17.0 up to and including 8.17.1 Solutio...
Kibana 7.17.23/8.15.0 Security Updates (ESA-2024-32, ESA-2024-33)
Kibana allocation of resources without limits or throttling leads to crash ESA-2024-33 An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/metrics/snapshot. This can be carried out by users with read access to the...
Elastic Defend 8.13.3 Security Update (ESA-2024-24)
Elastic Defend Improper Handling of Alternate Encoding Leads to Crash ESA-2024-24 Improper handling of alternate encoding occurs when Elastic Defend on Windows systems attempts to scan a file or process encoded as a multibyte character. This leads to an uncaught exception causing Elastic Defend t...
Elasticsearch 8.14.0 Security Update (ESA-2024-14)
Elasticsearch StackOverflow vulnerability ESA-2024-14 A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow...
Elastic Cloud Enterprise 3.7.1 Security Update (ESA-2024-08)
Elastic Cloud Enterprise - Uncontrolled Resource Consumption through HTTP/2 endpoints - CVE-2023-45288 ESA-2024-08 On April 4, 2024, the Go Project announced CVE-2023-45288, which can lead to CPU exhaustion as an attacker can cause an HTTP/2 endpoint to read arbitrary amounts of header data. In t...
Elasticsearch 8.11.1 Security Update (ESA-2024-05)
Elasticsearch Uncaught Exception ESA-2024-05 An uncaught exception in Elasticsearch = 8.4.0 and = 8.4.0 and 8.11.1 Solutions and Mitigations: The issue is resolved in version 8.11.1. This requires the attachment processor to be enabled. Users unable to upgrade can ensure that the attachment...
APM Server 8.12.1 Security Update (ESA-2024-03)
APM Server Insertion of Sensitive Information into Log File ESA-2024-03 An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the...
Logstash 8.11.1 Security Update (ESA-2023-26)
Logstash Insertion of Sensitive Information into Log File ESA-2023-26 An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: Logstash is configured to log in JSON format...
Endpoint v8.10.4 Security Update
Elastic Endpoint Insertion of Sensitive Information into Log File ESA-2023-21 If Elastic Endpoint v7.9.0 - v8.10.3 is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to...
Beats, Elastic Agent, APM Server, and Fleet Server 8.10.1 Security Update - Improper Certificate Validation issue (ESA-2023-16)
Beats, Elastic Agent, APM Server, and Fleet Server Improper Certificate Validation issue ESA-2023-16 It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however,...
Elasticsearch 8.8.2, 7.17.11 Security Update
Elasticsearch Denial of Service DoS issue ESA-2023-10 This issue only affects users that have at least one OpenID Connect authentication realm or at least one JWT authentication realm configured. A denial of service vulnerability was discovered in Elasticsearch that could lead to the service...
Kibana 8.7.1 Security Updates (ESA-2023-07, ESA-2023-08)
Kibana arbitrary code execution ESA-2023-07 Kibana contains an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands o...
Elastic Cloud Enterprise 3.4.0 Security Update
Elastic Cloud Enterprise Sensitive information disclosure issue ESA-2022-10 A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in th...
Elastic 8.3.1, 8.3.0, and 7.17.5 Security Update
Kibana cross-site-scripting XSS issue ESA-2022-08 A cross-site-scripting XSS vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser. Affected Versions: Versions 7.0.0 through 7.17.4 and 8.0.0 through 8.2.3...
Kibana 7.17.3 and 8.1.3 Security Update
Kibana Exposure of Sensitive Information ESA-2022-05 A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Elastic Stack monitoring features provide a way to keep a pulse on the health and performance of your Elasticsearch...
Elastic Stack 7.14.0 Security Update
Elasticsearch Document/Field Level Security issue ESA-2021-18 A flaw was discovered in Elasticsearch where document and field level security was not applied to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view. Affected...
Elastic Cloud Enterprise security update
Elastic Cloud Enterprise security update ESA-2021-17 Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters. While in the default setting the anonymous user has no permissions and is unable to successfully query any Elasticsearch APIs, an attacker...
Elastic Stack 7.13.0 and 6.8.16 Security Update
Kibana url redirection flaw ESA-2021-12 An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary website. Affected Versions: All versions of Kibana before 7.13....
Elastic Stack 7.11.0 Security Update
Elasticsearch field disclosure flaw ESA-2021-05 A document disclosure flaw was found in Elasticsearch when Document or Field Level Security is used. Get requests do not properly apply security permissions when executing a query against a recently updated document. This affects documents that have...
Elastic Stack 7.11.0 and 6.8.14 Security Update
Elasticsearch information disclosure ESA-2021-03 Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emitrequestbody option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or...
Elastic Cloud on Kubernetes 1.1.0 security update
Elastic Cloud on Kubernetes insecure password generation ESA-2020-03 Elastic Cloud on Kubernetes ECK versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more...
Elastic Stack 6.4.3 and 5.6.13 security update
Elasticsearch information disclosure ESA-2018-16 Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same...
Kibana 8.19.12, 9.2.6, 9.3.1 Security Update (ESA-2026-19)
Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration Missing Authorization CWE-862 in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration host isolation, process termination, and process suspensio...
Kibana 7.17.29, 8.17.8, 8.18.3, 9.0.3 Security Update (ESA-2025-09)
Kibana Heap Corruption via Crafted HTML Page due to Chromium Type Confusion ESA-2025-09 On March 10, 2025, Google announced CVE-2025-2135, which can lead to heap corruption via a crafted HTML page through a Type Confusion vulnerability. Affected Versions: Kibana versions up to and including...
Elasticsearch 7.17.21 and 8.13.3 Security Update (ESA-2024-25)
Elasticsearch allocation of resources without limits or throttling leads to crash ESA-2024-25 An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function. Affected...
Elasticsearch 8.16.2 / 8.17.0 Security Update
Elasticsearch Incorrect Authorization ESA-2024-46 An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow...
APM Server 8.14.0 Security Update (ESA-2024-19)
APM Server Insertion of Sensitive Information into Log File ESA-2024-19 APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailableshardsexception for a specific document, since the ES response line contains the document body, and that APM...
Kibana 7.17.22 / 8.14.0 Security Update (ESA-2024-17)
Kibana RCE due to chromium type confusion ESA-2024-17 On March 26, 2024, a type confusion vulnerability was found in WebAssembly in Google Chrome version prior to 123.0.6312.86 which allows a remote attacker to execute arbitrary code via a crafted HTML page. Kibana includes a bundled version of...
Kibana 8.14.0 Security Update (ESA-2024-15)
Kibana Broken Access Control issue ESA-2024-15 A flaw was discovered in Kibana, allowing view-only users of alerting to use the runsoon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries. Affected Versions:...
Kibana 8.12.1, 7.17.18 Security Update (ESA-2024-04)
Kibana heap buffer overflow vulnerability ESA-2024-04 This issue requires authenticated access to Kibana. On Dec 21, 2023, Google Chrome announced CVE-2023-7024, described as “Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit...