Elasticsearch Security Vulnerabilities and Issues — Elasticsearch CVE List

Lucene search

ElasticElasticsearch

3 matches found

CVE•added 2021/07/21 3:15 p.m.•201 views

CVE-2021-22145

A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer...

6.5CVSS6.5AI score0.59933EPSS

CVE•added 2021/07/26 12:15 p.m.•146 views

CVE-2021-22144

In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that wil...

6.5CVSS6.3AI score0.003EPSS

CVE•added 2021/07/21 3:15 p.m.•113 views

CVE-2021-22146

All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters. While in the default setting the anonymous user has no permissions and is unable to successfully query any Elasticsearch APIs, an attacker could leverage the anonymous user to ga...

7.5CVSS7.5AI score0.29897EPSS