
237 matches found

Elastic | added 2021/11/10 7:18 p.m. | 6 views

Kibana 7.15.2 Security Update

Kibana Path Traversal issue (ESA-2021-26). It was discovered that on Windows operating systems specifically, Kibana was not validating a user-supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the...

CVSS 4.3 | AI score 6.3 | EPSS 0.00697 | Exploits: 0
Elastic | added 2021/02/10 5:50 p.m. | 6 views

Elastic Stack 7.11.0 and 6.8.14 Security Update

Elasticsearch information disclosure (ESA-2021-03). Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option are enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or...

CVSS 8.7 | AI score 5.5 | EPSS 0.01362 | Exploits: 0
Elastic | added 2020/08/18 3:11 p.m. | 6 views

Elastic Stack 7.9.0 and 6.8.12 Security Update

Elasticsearch field disclosure flaw (ESA-2020-12). A field disclosure flaw was found in Elasticsearch when running a scrolling search with Field Level Security. If a user runs the same query another, more privileged user recently ran, the scrolling search can leak fields that should be hidden. This...

CVSS 6.5 | AI score 7.1 | EPSS 0.01204 | Exploits: 0
Elastic | added 2020/07/27 5:09 p.m. | 6 views

Elastic Stack 6.8.11 and 7.8.1 security update

Kibana regular expression denial of service flaw (ESA-2020-09). Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that, when viewed by a Kibana user, can lead to the Kibana process consuming large amounts of CPU and becoming...

CVSS 6.7 | AI score 8.2 | EPSS 0.0122 | Exploits: 0
Elastic | added 2020/06/03 2:16 p.m. | 6 views

Elastic Stack 7.7.1 and 6.8.10 Security Update

Kibana cross-site scripting (XSS) issue (ESA-2020-08). The TSVB visualization in Kibana contains a stored XSS flaw. An attacker who is able to edit or create a TSVB visualization could obtain sensitive information from, or perform destructive actions on behalf of, Kibana users wh...

CVSS 5.4 | AI score 5.4 | EPSS 0.00779 | Exploits: 0
Elastic | added 2020/06/03 2:14 p.m. | 6 views

Elastic Stack 6.8.9 and 7.7.0 security update

Kibana Upgrade Assistant prototype pollution flaw (ESA-2020-05). Kibana versions between 6.7.0 and 6.8.8 and between 7.0.0 and 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to...

CVSS 8.8 | AI score 8 | EPSS 0.18211 | Exploits: 1
Elastic | added 2020/04/28 5:23 p.m. | 6 views

Elastic Cloud on Kubernetes 1.1.0 security update

Elastic Cloud on Kubernetes insecure password generation (ESA-2020-03). Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed, they may be able to more...

CVSS 7.5 | AI score 7.1 | EPSS 0.01439 | Exploits: 0
Elastic | added 2020/03/31 5:08 p.m. | 6 views

Elastic Stack 6.8.8 and 7.6.2 security update

Elasticsearch API key privilege escalation (ESA-2020-02). Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API ke...

CVSS 8.8 | AI score 7.2 | EPSS 0.016 | Exploits: 0
Elastic | added 2019/07/30 6:11 p.m. | 6 views

Elastic APM agent for Ruby 2.9.0 security update

Elastic APM agent for Ruby client authentication flaw (ESA-2019-08). A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the ‘server_ca_cert’ setting, the Ruby agent would not properly verify the certifica...

CVSS 7.4 | AI score 6.8 | EPSS 0.00644 | Exploits: 0
Elastic | added 2019/02/19 5:09 p.m. | 6 views

Elastic Stack 6.6.1 and 5.6.15 security update

Kibana XSS issue (ESA-2019-01). Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from, or perform destructive actions on behalf of, other Kibana users. Affected Versions: Kibana versions before 5.6.15 and...

CVSS 10 | AI score 6.7 | EPSS 0.95338 | Exploits: 12
Elastic | added 2018/12/05 7:42 p.m. | 6 views

Elastic Stack 6.5.2 security update

Elasticsearch information disclosure (ESA-2018-19). Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning’s find_file_structure API. If a policy allowing external network access has been added to Elasticsearch’s Java Security Manager, then an attacker could send a...

CVSS 5.9 | AI score 5.9 | EPSS 0.01383 | Exploits: 0
Elastic | added 2017/12/06 8:06 p.m. | 6 views

Kibana 6.0.1 and 5.6.5 security update

Kibana cross-site scripting issue (ESA-2017-22). Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from, or perform destructive actions on behalf of, other Kibana users. Affected Versions: A...

CVSS 6.1 | AI score 7.2 | EPSS 0.00904 | Exploits: 0
Elastic | added 2017/11/07 7:02 p.m. | 6 views

Beats 5.6.4 security update

Packetbeat denial of service (ESA-2017-21). Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, the attacker could...

CVSS 7.5 | AI score 6.7 | EPSS 0.01436 | Exploits: 0
Elastic | added 2017/06/27 5:16 p.m. | 6 views

Elastic Stack 5.4.3 Security update

Kibana X-Pack Security user credentials disclosure (ESA-2017-11). In Kibana X-Pack Security versions prior to 5.4.3, if a Kibana user opens a crafted Kibana URL, the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the...

CVSS 6.5 | AI score 6.4 | EPSS 0.01104 | Exploits: 0
Elastic | added 2015/07/21 8:44 p.m. | 6 views

Logstash SSL/TLS FREAK Vulnerability CVE-2015-5378

Logstash 1.5.2 and prior versions are vulnerable to an SSL/TLS security issue called the FREAK attack. If you are using the Lumberjack input, FREAK allows an attacker to successfully carry out a man-in-the-middle attack, intercepting communication between the Logstash Forwarder agent and Logstash...

CVSS 7.5 | AI score 6.8 | EPSS 0.02462 | Exploits: 0
Elastic | added 2015/07/16 5:31 p.m. | 6 views

Elasticsearch directory traversal vulnerability CVE-2015-5531

Summary: Elasticsearch versions from 1.0.0 to 1.6.0 are vulnerable to a directory traversal attack that allows an attacker to retrieve files that are readable by the Elasticsearch JVM process. We have been assigned CVE-2015-5531 for this issue. Fixed versions: Versions 1.6.1 and 1.7.0 address the...

CVSS 5 | AI score 7 | EPSS 0.9175 | Exploits: 7
Elastic | added 2015/06/09 9:42 p.m. | 6 views

Logstash File Output Vulnerability CVE-2015-4152

Summary: Logstash versions 1.4.2 and prior are vulnerable to a directory traversal attack that allows an attacker to overwrite files on the server running Logstash. This vulnerability is not present in the initial installation of Logstash. The vulnerability is exposed when the file output plugin...

CVSS 6.4 | AI score 6.9 | EPSS 0.0303 | Exploits: 1
Elastic | added 2026/04/28 9:11 p.m. | 5 views

Elastic Package Registry 1.38.0 Security Update (ESA-2026-27)

Improper Verification of Cryptographic Signature in Elastic Package Registry Leading to Package Integrity Bypass. Improper Verification of Cryptographic Signature (CWE-347) in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the...

CVSS 5.9 | AI score 5.3 | EPSS 0.00124 | Exploits: 0
Elastic | added 2026/03/19 4:56 p.m. | 5 views

Packetbeat 8.19.11, 9.2.5 Security Update (ESA-2026-11)

Improper Validation of Array Index in Packetbeat Leading to Denial of Service. Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead to Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted,...

CVSS 5.7 | AI score 5.7 | EPSS 0.00239 | Exploits: 0
Elastic | added 2026/03/19 4:54 p.m. | 5 views

Metricbeat 8.19.13, 9.2.5 Security Update (ESA-2026-09)

Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service. Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead to Denial of Service via Excessive Allocation (CAPEC-130). Affected Versions: 8.x: All versions...

CVSS 5.7 | AI score 5.8 | EPSS 0.00179 | Exploits: 0
Elastic | added 2026/03/19 4:51 p.m. | 5 views

Kibana 8.19.12, 9.2.6, 9.3.1 Security Update (ESA-2026-19)

Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration. Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration: host isolation, process termination, and process suspensio...

CVSS 6.5 | AI score 5.8 | EPSS 0.00175 | Exploits: 0
Elastic | added 2025/01/22 3:09 p.m. | 5 views

Fleet Server 8.15.0 Security Update (ESA-2024-31)

Fleet Server sensitive information exposure via logs (ESA-2024-31). An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged at the INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled...

CVSS 9 | AI score 6.6 | EPSS 0.00284 | Exploits: 0
Elastic | added 2024/02/07 10:07 p.m. | 5 views

Kibana 8.12.1, 7.17.18 Security Update (ESA-2024-04)

Kibana heap buffer overflow vulnerability (ESA-2024-04). This issue requires authenticated access to Kibana. On Dec 21, 2023, Google Chrome announced CVE-2023-7024, described as “Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit...

CVSS 9.9 | AI score 7.4 | EPSS 0.07356 | Exploits: 2
Elastic | added 2023/12/12 5:06 p.m. | 5 views

Enterprise Search 8.11.2 / 7.17.16 Security Update (ESA-2023-31)

Enterprise Search Insertion of Sensitive Information into Log File (ESA-2023-31). An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion o...

CVSS 6.8 | AI score 6.5 | EPSS 0.00594 | Exploits: 0
Elastic | added 2023/12/12 4:57 p.m. | 5 views

Elasticsearch 8.11.2, 7.17.16 Security Update (ESA-2023-29)

Elasticsearch Insertion of Sensitive Information into Log File (ESA-2023-29). An issue was discovered by Elastic whereby the Watcher search input logged search query results at DEBUG log level. This could lead to the raw contents of documents stored in Elasticsearch being printed in logs. Elastic has...

CVSS 6.5 | AI score 6.6 | EPSS 0.00464 | Exploits: 0
Elastic | added 2023/11/22 9:18 a.m. | 5 views

Elasticsearch 7.17.14 / 8.10.3 Security Update (ESA-2023-24)

Elasticsearch Improper Handling of Exceptional Conditions (ESA-2023-24). It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API. Affected Versions: Elasticsearch versions on or afte...

CVSS 7.5 | AI score 7.5 | EPSS 0.00844 | Exploits: 0
Elastic | added 2023/10/10 12:18 p.m. | 5 views

Elastic Sharepoint Online Python Connector v8.10.3.0 Security Update

Elastic Sharepoint Online Python Connector Improper Access Control (ESA-2023-18). An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in the Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a...

CVSS 6.5 | AI score 6.8 | EPSS 0.00365 | Exploits: 0
Elastic | added 2023/09/22 11:52 a.m. | 5 views

Elasticsearch 8.9.0, 7.17.13 Security Update

Elasticsearch uncontrolled resource consumption (ESA-2023-13). An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP...

CVSS 7.5 | AI score 7.4 | EPSS 0.01232 | Exploits: 0
Elastic | added 2023/09/19 3:32 p.m. | 5 views

Beats, Elastic Agent, APM Server, and Fleet Server 8.10.1 Security Update - Improper Certificate Validation issue (ESA-2023-16)

Beats, Elastic Agent, APM Server, and Fleet Server Improper Certificate Validation issue (ESA-2023-16). It was discovered that, when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however,...

CVSS 7.5 | AI score 6.9 | EPSS 0.0027 | Exploits: 0
Elastic | added 2023/05/02 4:01 p.m. | 5 views

Elastic Stack 8.7.0, 7.17.10 Security Updates

Filebeat Information Exposure (ESA-2023-04). A flaw was discovered in the Filebeat httpjson input that allows the HTTP request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled. Affected Versions: All Filebeat versions through 7.17.9 and 8.6....

CVSS 6.5 | AI score 5.8 | EPSS 0.00806 | Exploits: 2
Elastic | added 2023/02/16 10:56 p.m. | 5 views

Kibana 7.17.9 and 8.6.2 Security Update

Kibana open redirect issue (ESA-2023-03). An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. Affected Versions: Kibana versions 7.0.0 through 7.17.8 and 8.0.0 through 8.6.1. Solutions and...

CVSS 6.1 | AI score 6.3 | EPSS 0.00513 | Exploits: 0
Elastic | added 2023/01/23 5:30 p.m. | 5 views

Endpoint Security 8.4.1 Security Update

Elastic Endpoint Security Local Privilege Escalation issue (ESA-2022-14). An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. Affected Versions: Version 8.4.0...

CVSS 7.8 | AI score 6.8 | EPSS 0.00283 | Exploits: 0
Elastic | added 2022/12/09 7:18 p.m. | 5 views

Kibana 7.17.8 and 8.5.0 Security Update

Update Log: 2022-12-23: Updated impact section with additional details. 2023-01-09: Updated impact section to include RHEL. 2023-01-23: Updated impact section with additional details. Updated Solutions and Mitigations section with new mitigation option. Updated Affected Versions section. Kibana...

CVSS 8.8 | AI score 8.8 | EPSS 0.1372 | Exploits: 2
Elastic | added 2022/11/02 6:41 p.m. | 5 views

Elastic Security Statement for OpenSSL CVE-2022-3786 and CVE-2022-3602, OpenSSL version 3.0.7

Elastic Products are not affected by this issue. On Oct 25, 2022, Elastic became aware of the Forthcoming OpenSSL 3.0.7 Release announcement, which was made available on Nov 1, 2022. The security issues addressed in this release do not affect OpenSSL versions before 3.0. Elastic has performed an...

CVSS 7.5 | AI score 8.6 | EPSS 0.91153 | Exploits: 6
Elastic | added 2021/12/09 5:25 p.m. | 5 views

APM Java Agent Security Update

APM Java Agent Local Privilege Escalation issue (ESA-2021-30). A local privilege escalation issue was found in the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at...

CVSS 7.8 | AI score 7.3 | EPSS 0.00249 | Exploits: 0
Elastic | added 2021/12/07 5:00 p.m. | 5 views

Enterprise Search 7.16.0 Security Update

Enterprise Search Information Disclosure issue (ESA-2021-28). An information disclosure via GET-request server-side request forgery vulnerability was discovered in the Workplace Search GitHub Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the...

CVSS 6.8 | AI score 6.1 | EPSS 0.00849 | Exploits: 0
Elastic | added 2021/08/03 3:44 p.m. | 5 views

Elastic Stack 7.14.0 Security Update

Elasticsearch Document/Field Level Security issue (ESA-2021-18). A flaw was discovered in Elasticsearch where document and field level security was not applied to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view. Affected...

CVSS 8.8 | AI score 6.3 | EPSS 0.01004 | Exploits: 0
Elastic | added 2021/04/27 7:28 p.m. | 5 views

7.12.1 Security Update

Kibana denial of service issue (ESA-2021-10). A denial of service vulnerability was found in the Kibana webhook actions due to a lack of timeout or a limit on the request size. An attacker with permissions to create webhook actions could drain the Kibana host connection pool, making Kibana unavailab...

CVSS 7.5 | AI score 6.9 | EPSS 0.0127 | Exploits: 0
Elastic | added 2021/03/23 5:40 p.m. | 5 views

Elastic Stack 7.12.0 and 6.8.15 Security Update

Elasticsearch Suggester & Profile API information disclosure flaw (ESA-2021-06). A document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document leve...

CVSS 5.3 | AI score 6.9 | EPSS 0.01162 | Exploits: 0
Elastic | added 2021/02/04 2:19 p.m. | 5 views

Elastic APM Agent for Go 1.11.0 Security Update

Elastic APM Agent for Go information disclosure (ESA-2021-02). The Elastic APM agent for Go can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM...

CVSS 2.7 | AI score 6.3 | EPSS 0.00521 | Exploits: 0
Elastic | added 2021/01/14 6:09 p.m. | 5 views

Elasticsearch 7.10.2 Security Update

Elasticsearch authorization-header storage issue (ESA-2021-01). An information disclosure flaw was found in the Elasticsearch async search API. Users who execute an async search will store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive reques...

CVSS 4.8 | AI score 7 | EPSS 0.01241 | Exploits: 0
Elastic | added 2020/10/22 3:34 p.m. | 5 views

Elastic Stack 7.9.3 and 6.8.13 Security Update

Elasticsearch field disclosure flaw (ESA-2020-13). A document disclosure flaw was found in Elasticsearch when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the...

CVSS 7.4 | AI score 6.2 | EPSS 0.00999 | Exploits: 1
Elastic | added 2019/12/18 7:15 p.m. | 5 views

Elastic Stack 6.8.6 and 7.5.1 security update

Kibana XSS (ESA-2019-17). Kibana versions before 6.8.6 and 7.5.1 contain a cross-site scripting (XSS) flaw in the coordinate and region map visualizations. An attacker with the ability to create coordinate map visualizations could create a malicious visualization. If another Kibana user views that...

CVSS 5.4 | AI score 5.6 | EPSS 0.00652 | Exploits: 0
Elastic | added 2019/08/21 3:19 p.m. | 5 views

Elastic APM agent for Python 5.1.0 security update

Elastic APM agent for Python client CGI proxy redirection flaw (ESA-2019-11). When the Elastic APM agent for Python is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a prox...

CVSS 7.2 | AI score 9.1 | EPSS 0.01322 | Exploits: 0
Elastic | added 2019/03/20 3:09 p.m. | 5 views

Elastic Stack 6.6.2 and 5.6.16 security update

Winlogbeat insufficient logging issue (ESA-2019-06). Nate Guagenti (@neu5ron), solutions engineer with Perched Inc., reported that Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbea...

CVSS 7.5 | AI score 6.8 | EPSS 0.01324 | Exploits: 0
Elastic | added 2018/06/13 6:28 p.m. | 5 views

Elastic Cloud Enterprise 1.1.4 security update

Elastic Cloud Enterprise use of shared encryption key (ESA-2018-09). In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4, a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable...

CVSS 7.5 | AI score 8 | EPSS 0.0077 | Exploits: 0
Elastic | added 2018/04/17 7:18 p.m. | 5 views

Elastic Stack 6.2.4 and 5.6.9 security update

X-Pack Machine Learning XSS vulnerability (ESA-2018-06). X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data as part of their configuration that could allow the attacker to...

CVSS 6.1 | AI score 5.9 | EPSS 0.00866 | Exploits: 0
Elastic | added 2018/03/20 7:30 p.m. | 5 views

Elastic Stack 6.2.3 security update

X-Pack Security SAML vulnerability (ESA-2018-07). X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allow...

CVSS 9.8 | AI score 7.3 | EPSS 0.01598 | Exploits: 0
Elastic | added 2017/12/19 10:57 p.m. | 5 views

Kibana 6.1.1 security update

Kibana arbitrary code execution issue (ESA-2017-24). Kibana version 6.1.0 had an arbitrary code execution vulnerability in the Math.js package, which is used by math aggregations in Time Series Visual Builder. Kibana users could construct a math aggregation capable of executing arbitrary code on the...

CVSS 9.8 | AI score 7.8 | EPSS 0.02357 | Exploits: 0
Elastic | added 2017/09/12 6:20 p.m. | 5 views

Elastic Cloud Enterprise 1.0.2 security update

Elastic Cloud Enterprise unsecured communication (ESA-2017-13). The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 does not properly encrypt traffic to ZooKeeper. If an attacker is able to man-in-the-middle (MITM) the traffic between the client-forwarder and ZooKeeper, they could...

CVSS 5.9 | AI score 6.7 | EPSS 0.00507 | Exploits: 0
Total number of security vulnerabilities: 237