Elasticsearch Security Vulnerabilities and Issues — Elasticsearch CVE List

Lucene search

ElasticElasticsearch

3 matches found

CVE•added 2019/03/25 7:29 p.m.•126 views

CVE-2019-7611

A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permissi...

8.1CVSS7.6AI score0.00148EPSS

CVE•added 2019/10/30 2:15 p.m.•89 views

CVE-2019-7619

Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm.

5.3CVSS5.3AI score0.0216EPSS

CVE•added 2019/07/30 10:15 p.m.•88 views

CVE-2019-7614

A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user.

5.9CVSS5.8AI score0.00247EPSS