Elastic — Vulnerabilities & Security Advisories 223

Browse all 223 CVE security advisories affecting Elastic. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Elastic operates as a search and analytics engine, primarily powering the ELK Stack for log management and data visualization. With 223 recorded Common Vulnerabilities and Exposures, the platform has historically been susceptible to critical flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues often stem from improper input validation and authentication bypasses within its Java-based architecture. Notable incidents involve unauthorized access to sensitive data through exposed APIs, highlighting risks associated with default configurations. The sheer volume of CVEs suggests persistent challenges in securing complex distributed systems. While the software remains a cornerstone for enterprise search, its extensive attack surface requires rigorous patching and strict access controls to mitigate the high probability of exploitation by threat actors targeting its widespread deployment infrastructure.

CVEs 223

CVE ID	Title	CVSS	Severity	Published
CVE-2021-22134	Elasticsearch 信息泄露漏洞 — ElasticsearchCWE-200	4.3	-	2021-03-08
CVE-2020-7021	Elasticsearch 日志信息泄露漏洞 — ElasticsearchCWE-532	4.9	-	2021-02-10
CVE-2021-22133	GE APM 日志信息泄露漏洞 — Elastic APM Agent for GoCWE-532	2.4	-	2021-02-10
CVE-2021-22132	Elastic 资源管理错误漏洞 — ElasticsearchCWE-522	4.3	-	2021-01-14
CVE-2020-7020	Elasticsearch 安全漏洞 — ElasticsearchCWE-270	3.1	-	2020-10-22
CVE-2020-7018	Elasticsearch Elastic Enterprise Search 安全漏洞 — Elastic Enterprise SearchCWE-266	8.8	-	2020-08-18
CVE-2020-7019	Elasticsearch 安全漏洞 — ElasticsearchCWE-270	6.5	-	2020-08-18
CVE-2020-7016	Elasticsearch Kibana 资源管理错误漏洞 — KibanaCWE-185	4.8	-	2020-07-27
CVE-2020-7017	Elastic Kibana 跨站脚本漏洞 — KibanaCWE-79	5.4	-	2020-07-27
CVE-2020-7013	Elasticsearch Kibana 代码注入漏洞 — KibanaCWE-94	8.8	-	2020-06-03
CVE-2020-7014	Elasticsearch 安全漏洞 — ElasticsearchCWE-266	8.8	-	2020-06-03
CVE-2020-7015	Elasticsearch Kibana 跨站脚本漏洞 — KibanaCWE-79	5.4	-	2020-06-03
CVE-2020-7011	Elastic App Search 跨站脚本漏洞 — Elastic App SearchCWE-84	6.1	-	2020-06-03
CVE-2020-7012	Elasticsearch Kibana 代码注入漏洞 — KibanaCWE-94	8.8	-	2020-06-03
CVE-2020-7010	Elastic Cloud on Kubernetes 安全漏洞 — Elastic Cloud on KubernetesCWE-335	7.5	-	2020-06-03
CVE-2020-7009	Elasticsearch 安全漏洞 — ElasticsearchCWE-266	8.8	-	2020-03-31
CVE-2019-7621	Elasticsearch Kibana 跨站脚本漏洞 — KibanaCWE-79	5.4	-	2019-12-18
CVE-2019-7620	Elasticsearch Logstash 输入验证错误漏洞 — LogstashCWE-400	7.5	-	2019-10-30
CVE-2019-7619	Elasticsearch 加密问题漏洞 — ElasticsearchCWE-200	5.3	-	2019-10-30
CVE-2019-7618	Elastic Code 路径遍历漏洞 — Elastic CodeCWE-538	5.5	-	2019-10-01
CVE-2019-7617	Elasticsearch Elastic APM agent for Python 输入验证错误漏洞 — Elastic APM agent for PythonCWE-20	7.2	-	2019-08-22
CVE-2019-7614	Elasticsearch 竞争条件问题漏洞 — ElasticsearchCWE-362	5.9	-	2019-07-30
CVE-2019-7615	Elasticsearch Elastic APM agent for Ruby 信任管理问题漏洞 — Elastic APM agent for RubyCWE-295	7.4	-	2019-07-30
CVE-2019-7616	Elasticsearch Kibana 代码问题漏洞 — KibanaCWE-918	4.9	-	2019-07-30
CVE-2019-7608	Elasticsearch Kibana 跨站脚本漏洞 — KibanaCWE-79	6.1	-	2019-03-25
CVE-2019-7610	Elasticsearch Kibana 命令注入漏洞 — KibanaCWE-94	9.0	-	2019-03-25
CVE-2019-7611	Elasticsearch 安全漏洞 — ElasticsearchCWE-284	8.1	-	2019-03-25
CVE-2019-7612	Elasticsearch Logstash 日志信息泄露漏洞 — LogstashCWE-209	9.8	-	2019-03-25
CVE-2019-7613	Elasticsearch Winlogbeat 输入验证错误漏洞 — LogstashCWE-778	5.3	-	2019-03-25
CVE-2019-7609	Elasticsearch Kibana 代码注入漏洞 — KibanaCWE-94	9.6	-	2019-03-25

This page lists every published CVE security advisory associated with Elastic. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

Elastic — Vulnerabilities & Security Advisories 223