pkg:maven/org.elasticsearch/elasticsearch
Type
maven
Namespace
org.elasticsearch
Name
elasticsearch
Known advisories, vulnerabilities and fixes for org.elasticsearch/elasticsearch package.
High
7
Moderate
29
Low
1
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 8.0.0, < 8.10.3 >= 7.0.0, < 7.17.14 |
CVE-2023-46673
|
MAVEN:GHSA-285M-VHFQ-XX4H | Elasticsearch Improper Handling of Exceptional Conditions | moderate |
2023-11-22T12:30:26
(9 months ago) |
|
Fixed | = 8.10.3 = 7.17.14 |
CVE-2023-46673
|
MAVEN:GHSA-285M-VHFQ-XX4H | Elasticsearch Improper Handling of Exceptional Conditions | moderate |
2023-11-22T12:30:26
(9 months ago) |
|
Affected | >= 8.0.0, < 8.9.0 < 7.17.13 |
CVE-2023-31418
|
MAVEN:GHSA-2CQF-6XV9-F22W | Elasticsearch vulnerable to Uncontrolled Resource Consumption | high |
2023-10-26T18:30:23
(10 months ago) |
|
Fixed | = 8.9.0 = 7.17.13 |
CVE-2023-31418
|
MAVEN:GHSA-2CQF-6XV9-F22W | Elasticsearch vulnerable to Uncontrolled Resource Consumption | high |
2023-10-26T18:30:23
(10 months ago) |
|
Affected | >= 8.0.0, < 8.11.2 < 7.17.16 |
CVE-2023-49921
|
MAVEN:GHSA-2HJR-VMF3-XWVP | Elasticsearch Insertion of Sensitive Information into Log File | moderate |
2024-07-26T06:30:47
(7 weeks ago) |
|
Fixed | = 8.11.2 = 7.17.16 |
CVE-2023-49921
|
MAVEN:GHSA-2HJR-VMF3-XWVP | Elasticsearch Insertion of Sensitive Information into Log File | moderate |
2024-07-26T06:30:47
(7 weeks ago) |
|
Affected | >= 7.0.0-alpha1, < 7.13.3 < 6.8.17 |
CVE-2021-22144
|
MAVEN:GHSA-3393-HVRJ-W7V3 | Denial of Service in Elasticsearch | moderate |
2021-08-09T20:41:17
(3 years ago) |
|
Fixed | = 7.13.3 = 6.8.17 |
CVE-2021-22144
|
MAVEN:GHSA-3393-HVRJ-W7V3 | Denial of Service in Elasticsearch | moderate |
2021-08-09T20:41:17
(3 years ago) |
|
Affected | >= 7.11.0, < 7.14.0 |
CVE-2021-22147
|
MAVEN:GHSA-45H5-R968-5XR7 | Exposure of sensitive information in Elasticsearch | moderate |
2021-09-20T20:29:40
(3 years ago) |
|
Fixed | = 7.14.0 |
CVE-2021-22147
|
MAVEN:GHSA-45H5-R968-5XR7 | Exposure of sensitive information in Elasticsearch | moderate |
2021-09-20T20:29:40
(3 years ago) |
|
Affected | > 8.10.0, < 8.14.0 |
CVE-2024-23445
|
MAVEN:GHSA-4C7Q-M7HC-PC92 | Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions | moderate |
2024-06-12T15:31:44
(3 months ago) |
|
Fixed | = 8.14.0 |
CVE-2024-23445
|
MAVEN:GHSA-4C7Q-M7HC-PC92 | Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions | moderate |
2024-06-12T15:31:44
(3 months ago) |
|
Affected | >= 8.13.1, < 8.14.0 |
CVE-2024-37280
|
MAVEN:GHSA-4Q22-422G-M4PJ | Elasticsearch StackOverflow vulnerability | moderate |
2024-06-13T18:31:58
(3 months ago) |
|
Fixed | = 8.14.0 |
CVE-2024-37280
|
MAVEN:GHSA-4Q22-422G-M4PJ | Elasticsearch StackOverflow vulnerability | moderate |
2024-06-13T18:31:58
(3 months ago) |
|
Affected | >= 7.7.0, < 7.10.2 |
CVE-2021-22132
|
MAVEN:GHSA-5FVX-2JJ3-6MFF | Insufficiently Protected Credentials in Elasticsearch | moderate |
2021-03-18T19:27:27
(3 years ago) |
|
Fixed | = 7.10.2 |
CVE-2021-22132
|
MAVEN:GHSA-5FVX-2JJ3-6MFF | Insufficiently Protected Credentials in Elasticsearch | moderate |
2021-03-18T19:27:27
(3 years ago) |
|
Affected | < 7.17.23 >= 8.0.0-alpha1, < 8.13.0 |
CVE-2024-23444
|
MAVEN:GHSA-5V8F-XX9M-WJ44 | Elasticsearch stores private key on disk unencrypted | moderate |
2024-07-31T18:32:01
(6 weeks ago) |
|
Fixed | = 7.17.23 = 8.13.0 |
CVE-2024-23444
|
MAVEN:GHSA-5V8F-XX9M-WJ44 | Elasticsearch stores private key on disk unencrypted | moderate |
2024-07-31T18:32:01
(6 weeks ago) |
|
Affected | < 6.8.15 >= 7.0.0, < 7.11.2 |
CVE-2021-22135
|
MAVEN:GHSA-62WW-4P3P-7FHJ | API information disclosure flaw in Elasticsearch | moderate |
2021-07-02T18:33:02
(3 years ago) |
|
Fixed | = 6.8.15 = 7.11.2 |
CVE-2021-22135
|
MAVEN:GHSA-62WW-4P3P-7FHJ | API information disclosure flaw in Elasticsearch | moderate |
2021-07-02T18:33:02
(3 years ago) |
|
Affected | < 1.4.0.Beta1 |
CVE-2014-6439
|
MAVEN:GHSA-8699-M855-CWQF | Cross-site scripting in Elasticsearch | moderate |
2022-05-14T02:51:14
(2 years ago) |
|
Fixed | = 1.4.0.Beta1 |
CVE-2014-6439
|
MAVEN:GHSA-8699-M855-CWQF | Cross-site scripting in Elasticsearch | moderate |
2022-05-14T02:51:14
(2 years ago) |
|
Affected | >= 8.0.0, < 8.9.2 >= 7.0.0, < 7.17.13 |
CVE-2023-31417
|
MAVEN:GHSA-99PC-69Q9-JXF2 | Elasticsearch allows insertion of sensitive information into log files when using deprecated URIs | moderate |
2023-10-26T18:30:23
(10 months ago) |
|
Fixed | = 8.9.2 = 7.17.13 |
CVE-2023-31417
|
MAVEN:GHSA-99PC-69Q9-JXF2 | Elasticsearch allows insertion of sensitive information into log files when using deprecated URIs | moderate |
2023-10-26T18:30:23
(10 months ago) |
|
Affected | < 6.8.12 >= 7.0.0, < 7.9.0 |
CVE-2020-7019
|
MAVEN:GHSA-C77J-P484-H84M | Improper privilege management in elasticsearch | moderate |
2022-05-24T17:26:07
(2 years ago) |
|
Fixed | = 6.8.12 = 7.9.0 |
CVE-2020-7019
|
MAVEN:GHSA-C77J-P484-H84M | Improper privilege management in elasticsearch | moderate |
2022-05-24T17:26:07
(2 years ago) |
|
Affected | >= 6.5.0, < 6.5.2 |
CVE-2018-17247
|
MAVEN:GHSA-CCMR-QJ26-845G | Improper Restriction of XML External Entity Reference in Elasticsearch | moderate |
2022-05-13T01:34:04
(2 years ago) |
|
Fixed | = 6.5.2 |
CVE-2018-17247
|
MAVEN:GHSA-CCMR-QJ26-845G | Improper Restriction of XML External Entity Reference in Elasticsearch | moderate |
2022-05-13T01:34:04
(2 years ago) |
|
Affected | >= 7.0.0, <= 7.0.9 <= 6.8.13 |
CVE-2020-7021
|
MAVEN:GHSA-CQGV-256R-M9R8 | Insertion of Sensitive Information into Log File in Elasticsearch | moderate |
2022-05-24T17:41:42
(2 years ago) |
|
Fixed | = 7.10.0 = 6.8.14 |
CVE-2020-7021
|
MAVEN:GHSA-CQGV-256R-M9R8 | Insertion of Sensitive Information into Log File in Elasticsearch | moderate |
2022-05-24T17:41:42
(2 years ago) |
|
Affected | < 1.6.0 |
CVE-2015-4165
|
MAVEN:GHSA-FH5X-4J57-6Q5X | Improper Access Control in Elasticsearch | high |
2022-05-14T02:48:29
(2 years ago) |
|
Fixed | = 1.6.0 |
CVE-2015-4165
|
MAVEN:GHSA-FH5X-4J57-6Q5X | Improper Access Control in Elasticsearch | high |
2022-05-14T02:48:29
(2 years ago) |
|
Affected | >= 6.0.0, < 6.6.1 < 5.6.15 |
CVE-2019-7611
|
MAVEN:GHSA-FJ32-6V7M-57PG | Improper Access Control in Elasticsearch | high |
2022-05-13T01:14:26
(2 years ago) |
|
Fixed | = 6.6.1 = 5.6.15 |
CVE-2019-7611
|
MAVEN:GHSA-FJ32-6V7M-57PG | Improper Access Control in Elasticsearch | high |
2022-05-13T01:14:26
(2 years ago) |
|
Affected | >= 7.0.0, < 7.9.2 < 6.8.13 |
CVE-2020-7020
|
MAVEN:GHSA-G9FW-9X87-RMRJ | Privilege Context Switching Error in Elasticsearch | low |
2021-03-18T19:27:13
(3 years ago) |
|
Fixed | = 7.9.2 = 6.8.13 |
CVE-2020-7020
|
MAVEN:GHSA-G9FW-9X87-RMRJ | Privilege Context Switching Error in Elasticsearch | low |
2021-03-18T19:27:13
(3 years ago) |
|
Affected | >= 7.0.0, <= 7.6.1 >= 6.7.0, <= 6.8.7 |
CVE-2020-7009
|
MAVEN:GHSA-GFV5-GRX2-9JW2 | Improper Privilege Management in Elasticsearch | high |
2022-05-24T17:13:01
(2 years ago) |
|
Fixed | = 7.6.2 = 6.8.8 |
CVE-2020-7009
|
MAVEN:GHSA-GFV5-GRX2-9JW2 | Improper Privilege Management in Elasticsearch | high |
2022-05-24T17:13:01
(2 years ago) |
|
Affected | >= 7.0.0, < 7.6.2 >= 6.7.0, < 6.8.8 |
CVE-2020-7014
|
MAVEN:GHSA-HQQV-9X3V-MP7W | Privilege Escalation Flaw in Elasticsearch | moderate |
2021-03-18T19:27:20
(3 years ago) |
|
Fixed | = 7.6.2 = 6.8.8 |
CVE-2020-7014
|
MAVEN:GHSA-HQQV-9X3V-MP7W | Privilege Escalation Flaw in Elasticsearch | moderate |
2021-03-18T19:27:20
(3 years ago) |
|
Affected | <= 6.8.14 >= 7.11.0, <= 7.11.1 |
CVE-2021-22137
|
MAVEN:GHSA-HR65-QQ6P-87R4 | Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch | moderate |
2022-05-24T19:02:19
(2 years ago) |
|
Fixed | = 6.8.15 = 7.11.2 |
CVE-2021-22137
|
MAVEN:GHSA-HR65-QQ6P-87R4 | Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch | moderate |
2022-05-24T19:02:19
(2 years ago) |
|
Affected | >= 7.6.0, < 7.11.0 |
CVE-2021-22134
|
MAVEN:GHSA-HWVV-438R-MHVJ | Exposure of Sensitive Information to an Unauthorized Actor | moderate |
2021-03-18T19:23:57
(3 years ago) |
|
Fixed | = 7.11.0 |
CVE-2021-22134
|
MAVEN:GHSA-HWVV-438R-MHVJ | Exposure of Sensitive Information to an Unauthorized Actor | moderate |
2021-03-18T19:23:57
(3 years ago) |
|
Affected | >= 7.0.0, <= 7.3.2 >= 6.7.0, <= 6.8.3 |
CVE-2019-7619
|
MAVEN:GHSA-HXP8-R9G3-GRFR | Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch | moderate |
2022-05-24T17:00:08
(2 years ago) |
|
Fixed | = 7.4.0 = 6.8.4 |
CVE-2019-7619
|
MAVEN:GHSA-HXP8-R9G3-GRFR | Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch | moderate |
2022-05-24T17:00:08
(2 years ago) |
|
Affected | <= 1.6.0 |
CVE-2015-5531
|
MAVEN:GHSA-JJQ8-VFJQ-J6V4 | Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch | moderate |
2022-05-14T02:48:01
(2 years ago) |
|
Fixed | = 1.6.1 |
CVE-2015-5531
|
MAVEN:GHSA-JJQ8-VFJQ-J6V4 | Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch | moderate |
2022-05-14T02:48:01
(2 years ago) |
|
Affected | >= 7.0.0, < 7.2.1 < 6.8.2 |
CVE-2019-7614
|
MAVEN:GHSA-JQM6-M3J3-8GG9 | Concurrent Execution using Shared Resource with Improper Synchronization in Elasticsearch | moderate |
2022-05-24T16:51:49
(2 years ago) |
|
Fixed | = 7.2.1 = 6.8.2 |
CVE-2019-7614
|
MAVEN:GHSA-JQM6-M3J3-8GG9 | Concurrent Execution using Shared Resource with Improper Synchronization in Elasticsearch | moderate |
2022-05-24T16:51:49
(2 years ago) |
|
Affected | >= 7.16.0, < 7.17.1 |
CVE-2022-23710
|
MAVEN:GHSA-M6GG-86C6-GFR9 | Withdrawn: Cross-site Scripting in Kibana | moderate |
2022-03-04T00:00:15
(2 years ago) |
|
Fixed | = 7.17.1 |
CVE-2022-23710
|
MAVEN:GHSA-M6GG-86C6-GFR9 | Withdrawn: Cross-site Scripting in Kibana | moderate |
2022-03-04T00:00:15
(2 years ago) |
|
Affected | >= 6.0.0, < 6.2.4 < 5.6.9 |
CVE-2018-3824
|
MAVEN:GHSA-MJPC-QX7H-R8C9 | Elasticsearch subject to cross site scripting | moderate |
2022-05-13T01:32:17
(2 years ago) |
|
Fixed | = 6.2.4 = 5.6.9 |
CVE-2018-3824
|
MAVEN:GHSA-MJPC-QX7H-R8C9 | Elasticsearch subject to cross site scripting | moderate |
2022-05-13T01:32:17
(2 years ago) |
|
Affected | >= 7.16.0, < 7.17.1 |
CVE-2022-23708
|
MAVEN:GHSA-PGQ6-CCQJ-HPQR | Elasticsearch privilege escalation | moderate |
2022-03-04T00:00:15
(2 years ago) |
|
Fixed | = 7.17.1 |
CVE-2022-23708
|
MAVEN:GHSA-PGQ6-CCQJ-HPQR | Elasticsearch privilege escalation | moderate |
2022-03-04T00:00:15
(2 years ago) |
|
Affected | >= 8.4.0, < 8.11.1 |
CVE-2024-23449
|
MAVEN:GHSA-PW39-F3M5-CXFC | Elasticsearch Uncaught Exception leading to crash | moderate |
2024-03-29T12:30:42
(5 months ago) |
|
Fixed | = 8.11.1 |
CVE-2024-23449
|
MAVEN:GHSA-PW39-F3M5-CXFC | Elasticsearch Uncaught Exception leading to crash | moderate |
2024-03-29T12:30:42
(5 months ago) |
|
Affected | >= 8.0.0, < 8.9.1 >= 7.0.0, < 7.17.13 |
CVE-2023-31419
|
MAVEN:GHSA-QWRX-45XF-JJF7 | Elasticsearch vulnerable to stack overflow in the search API | moderate |
2023-10-26T18:30:23
(10 months ago) |
|
Fixed | = 8.9.1 = 7.17.13 |
CVE-2023-31419
|
MAVEN:GHSA-QWRX-45XF-JJF7 | Elasticsearch vulnerable to stack overflow in the search API | moderate |
2023-10-26T18:30:23
(10 months ago) |
|
Affected | >= 8.10.0, < 8.13.0 |
CVE-2024-23451
|
MAVEN:GHSA-R3HX-QFH5-R9M7 | Elasticsearch Incorrect Authorization vulnerability | moderate |
2024-03-27T18:32:39
(5 months ago) |
|
Fixed | = 8.13.0 |
CVE-2024-23451
|
MAVEN:GHSA-R3HX-QFH5-R9M7 | Elasticsearch Incorrect Authorization vulnerability | moderate |
2024-03-27T18:32:39
(5 months ago) |
|
Affected | >= 6.0.0, < 6.4.1 >= 5.6.0, < 5.6.12 |
CVE-2018-3831
|
MAVEN:GHSA-R9FV-QPM9-RJ4G | Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch | high |
2022-05-13T01:27:27
(2 years ago) |
|
Fixed | = 6.4.1 = 5.6.12 |
CVE-2018-3831
|
MAVEN:GHSA-R9FV-QPM9-RJ4G | Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch | high |
2022-05-13T01:27:27
(2 years ago) |
|
Affected | >= 6.4.0, <= 6.4.2 |
CVE-2018-17244
|
MAVEN:GHSA-VPQM-88C4-X4CV | Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch | moderate |
2022-05-13T01:34:04
(2 years ago) |
|
Fixed | = 6.4.3 |
CVE-2018-17244
|
MAVEN:GHSA-VPQM-88C4-X4CV | Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch | moderate |
2022-05-13T01:34:04
(2 years ago) |
|
Affected | >= 8.0.0, < 8.13.0 >= 7.0.0, < 7.17.19 |
CVE-2024-23450
|
MAVEN:GHSA-W5GG-2Q56-6H4F | Elasticsearch Uncontrolled Resource Consumption vulnerability | moderate |
2024-03-27T18:32:38
(5 months ago) |
|
Fixed | = 8.13.0 = 7.17.19 |
CVE-2024-23450
|
MAVEN:GHSA-W5GG-2Q56-6H4F | Elasticsearch Uncontrolled Resource Consumption vulnerability | moderate |
2024-03-27T18:32:38
(5 months ago) |
|
Affected | >= 1.4.0, <= 1.4.2 <= 1.3.7 |
CVE-2015-1427
|
MAVEN:GHSA-W94P-6MHW-4QXW | Improper Access Control in Elasticsearch | high |
2022-05-14T02:49:44
(2 years ago) |
|
Fixed | = 1.4.3 = 1.3.8 |
CVE-2015-1427
|
MAVEN:GHSA-W94P-6MHW-4QXW | Improper Access Control in Elasticsearch | high |
2022-05-14T02:49:44
(2 years ago) |
|
Affected | >= 8.0.0, < 8.2.1 |
CVE-2022-23712
|
MAVEN:GHSA-WH6W-69XC-5RQ5 | Improper Check for Unusual or Exceptional Conditions in Elasticsearch | high |
2022-06-07T00:00:33
(2 years ago) |
|
Fixed | = 8.2.1 |
CVE-2022-23712
|
MAVEN:GHSA-WH6W-69XC-5RQ5 | Improper Check for Unusual or Exceptional Conditions in Elasticsearch | high |
2022-06-07T00:00:33
(2 years ago) |
|
Affected | >= 1.5.0, <= 1.5.1 <= 1.4.4 |
CVE-2015-3337
|
MAVEN:GHSA-X8Q8-4HP5-463W | Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch | moderate |
2022-05-17T04:12:25
(2 years ago) |
|
Fixed | = 1.5.2 = 1.4.5 |
CVE-2015-3337
|
MAVEN:GHSA-X8Q8-4HP5-463W | Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch | moderate |
2022-05-17T04:12:25
(2 years ago) |