Lucene search
+L
ElasticEnterprise Search

5 matches found

CVE
CVE
added 2020/08/18 4:40 p.m.63 views

CVE-2020-7018

Elastic Enterprise Search prior to 7.9.0 is affected by a credential exposure in the App Search interface. If a user has the developer role, they can view administrator API credentials, enabling operations with App Search administrator permissions. The issue is fixed by upgrading to Enterprise Se...

8.8CVSS8.4AI score0.0109EPSS
CVE
CVE
added 2023/12/12 5:53 p.m.58 views

CVE-2023-49923

Elastic App Search’s Documents API logged raw indexed document contents at INFO, risking leakage of sensitive data in logs. Affected versions: Enterprise Search/App Search before 7.17.16 and before 8.11.2. Root cause: logging those contents at INFO; fix: log at DEBUG (disabled by default) in 7.17...

6.8CVSS6.4AI score0.00594EPSS
CVE
CVE
added 2021/12/07 6:59 p.m.57 views

CVE-2021-37940

CVE-2021-37940 pertains to an information-disclosure via a GET-based server-side request forgery in the Workplace Search integration for GitHub Enterprise Server (GHES). The vulnerability allows a malicious GHES admin to leverage the Workplace Search GHES integration to view hosts that may not be...

6.8CVSS6.2AI score0.00849EPSS
CVE
CVE
added 2021/09/15 11:49 a.m.56 views

CVE-2021-22148

Elastic Enterprise Search App Search prior to 7.14.0 is vulnerable due to API keys not being bound to the same engines as their creator, enabling a less-privileged user to access engines they should not reach. Red Hat and CVE mappings corroborate the issue. Affected product: Elastic Enterprise Se...

8.8CVSS8.3AI score0.00954EPSS
CVE
CVE
added 2021/09/15 11:44 a.m.55 views

CVE-2021-22149

Elastic Enterprise Search App Search versions prior to 7.14.0 are affected by a missing authorization weakness for API keys via an alternate route, enabling an authenticated attacker to use API keys belonging to higher-privileged users. Root cause: API keys not properly bound/authorized in altern...

8.8CVSS8.4AI score0.00954EPSS