Elastic — Vulnerabilities & Security Advisories 223

Browse all 223 CVE security advisories affecting Elastic. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Elastic operates as a search and analytics engine, primarily powering the ELK Stack for log management and data visualization. With 223 recorded Common Vulnerabilities and Exposures, the platform has historically been susceptible to critical flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues often stem from improper input validation and authentication bypasses within its Java-based architecture. Notable incidents involve unauthorized access to sensitive data through exposed APIs, highlighting risks associated with default configurations. The sheer volume of CVEs suggests persistent challenges in securing complex distributed systems. While the software remains a cornerstone for enterprise search, its extensive attack surface requires rigorous patching and strict access controls to mitigate the high probability of exploitation by threat actors targeting its widespread deployment infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-23448 | APM Server Insertion of Sensitive Information into Log File | APM Server | CWE-532 | 5.7 | Medium | 2024-02-07 |
| CVE-2024-23447 | Elastic Network Drive Connector Improper Access Control | Elastic Network Drive Connector | CWE-284 | 5.3 | Medium | 2024-02-07 |
| CVE-2024-23446 | Kibana Broken Access Control issue | Kibana | CWE-284 | 6.5 | Medium | 2024-02-07 |
| CVE-2023-46675 | Kibana Insertion of Sensitive Information into Log File | Kibana | CWE-532 | 8.0 | High | 2023-12-13 |
| CVE-2023-46671 | Kibana Insertion of Sensitive Information into Log File | Kibana | CWE-532 | 8.0 | High | 2023-12-13 |
| CVE-2023-6687 | Elastic Agent Insertion of Sensitive Information into Log File | Elastic Agent | CWE-532 | 6.8 | Medium | 2023-12-12 |
| CVE-2023-49922 | Beats Insertion of Sensitive Information into Log File | Beats | CWE-532 | 6.8 | Medium | 2023-12-12 |
| CVE-2023-49923 | Enterprise Search Insertion of Sensitive Information into Log File | Enterprise Search | CWE-532 | 6.8 | Medium | 2023-12-12 |
| CVE-2023-46674 | Elasticsearch-hadoop Unsafe Deserialization | Elasticsearch-Hadoop | CWE-502 | 6.0 | Medium | 2023-12-05 |
| CVE-2023-46673 | Elasticsearch security vulnerability | Elasticsearch | CWE-755 | 6.5 | Medium | 2023-11-22 |
| CVE-2021-37937 | Elasticsearch privilege escalation | Elasticsearch | CWE-269 | 5.9 | Medium | 2023-11-22 |
| CVE-2021-37942 | APM Java Agent Local Privilege Escalation | Elastic APM Java Agent | CWE-269 | 7.0 | High | 2023-11-22 |
| CVE-2021-22143 | Elastic APM .NET Agent information disclosure | Elastic APM .NET Agent | CWE-200 | 2.1 | Low | 2023-11-22 |
| CVE-2021-22142 | Kibana Reporting vulnerabilities | Kibana | CWE-1104 | 6.6 | Medium | 2023-11-22 |
| CVE-2021-22151 | Kibana path traversal issue | Kibana | CWE-22 | 3.1 | Low | 2023-11-22 |
| CVE-2021-22150 | Kibana code execution issue | Kibana | CWE-94 | 6.6 | Medium | 2023-11-22 |
| CVE-2023-46672 | Logstash Insertion of Sensitive Information into Log File | Logstash | CWE-532 | 8.4 | High | 2023-11-15 |
| CVE-2023-31416 | Elastic Cloud on Kubernetes (ECK) secret token configuration issue | Elastic Cloud on Kubernetes | CWE-200 | 5.3 | Medium | 2023-10-26 |
| CVE-2023-31417 | Elasticsearch Insertion of sensitive information in audit logs | Elasticsearch | CWE-532 | 4.1 | Medium | 2023-10-26 |
| CVE-2023-31418 | Elasticsearch uncontrolled resource consumption | Elasticsearch | CWE-400 | 7.5 | High | 2023-10-26 |
| CVE-2023-31419 | Elasticsearch StackOverflow vulnerability | Elasticsearch | CWE-121 | 6.5 | Medium | 2023-10-26 |
| CVE-2023-46666 | Elastic Sharepoint Online Python Connector Improper Access Control | Elastic Sharepoint Online Python Connector | CWE-284 | 5.3 | Medium | 2023-10-26 |
| CVE-2023-31421 | Beats, Elastic Agent, APM Server, and Fleet Server Improper Certificate Validation issue | Beats | CWE-295 | 5.9 | Medium | 2023-10-26 |
| CVE-2023-31422 | Kibana Insertion of Sensitive Information into Log File | Kibana | CWE-532 | 9.0 | Critical | 2023-10-26 |
| CVE-2023-46667 | Fleet Server Insertion of Sensitive Information into Log File | Fleet Server | CWE-532 | 8.1 | High | 2023-10-26 |
| CVE-2023-46668 | Elastic Endpoint Insertion of Sensitive Information into Log File | Endpoint | CWE-532 | 4.6 | Medium | 2023-10-25 |
| CVE-2023-31415 | Elastic Kibana code injection vulnerability | Kibana | CWE-94 | 9.9 | - | 2023-05-04 |
| CVE-2023-31414 | Elastic Kibana code injection vulnerability | Kibana | CWE-94 | 9.1 | - | 2023-05-04 |
| CVE-2023-31413 | Elastic Filebeat log information disclosure vulnerability | Filebeat | CWE-200 | 7.5 | - | 2023-05-04 |
| CVE-2022-38779 | Elastic Kibana input validation error vulnerability | Kibana | CWE-601 | 6.1 | - | 2023-02-21 |

This page lists every published CVE security advisory associated with Elastic. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.