Elastic — Vulnerabilities & Security Advisories 223

Browse all 223 CVE security advisories affecting Elastic. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Elastic operates as a search and analytics engine, primarily powering the ELK Stack for log management and data visualization. With 223 recorded Common Vulnerabilities and Exposures, the platform has historically been susceptible to critical flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues often stem from improper input validation and authentication bypasses within its Java-based architecture. Notable incidents involve unauthorized access to sensitive data through exposed APIs, highlighting risks associated with default configurations. The sheer volume of CVEs suggests persistent challenges in securing complex distributed systems. While the software remains a cornerstone for enterprise search, its extensive attack surface requires rigorous patching and strict access controls to mitigate the high probability of exploitation by threat actors targeting its widespread deployment infrastructure.

CVEs 223

CVE ID	Title	CVSS	Severity	Published
CVE-2022-38777	Elastic Endpoint Security 安全漏洞 — Elastic Endpoint SecurityCWE-269	7.8	-	2023-02-08
CVE-2022-38778	Kibana 输入验证错误漏洞 — kibanaCWE-20	6.5	-	2023-02-08
CVE-2022-38774	Elastic Endpoint Security 安全漏洞 — Elastic Endpoint Security and Elastic Endgame SecurityCWE-269	7.8	-	2023-01-24
CVE-2022-38775	Elastic Endpoint Security 安全漏洞 — Elastic Endpoint SecurityCWE-269	7.8	-	2023-01-24
CVE-2021-22141	Elastic Kibana 输入验证错误漏洞 — KibanaCWE-601	6.1	-	2022-11-18
CVE-2021-37936	Elastic Kibana 跨站脚本漏洞 — KibanaCWE-79	6.1	-	2022-11-18
CVE-2022-23716	Elastic Cloud Enterprise 日志信息泄露漏洞 — Elastic Cloud EnterpriseCWE-532	6.5	-	2022-09-28
CVE-2022-23715	Elastic Cloud Enterprise 日志信息泄露漏洞 — Elastic Cloud EnterpriseCWE-532	6.5	-	2022-08-25
CVE-2022-23714	Elastic 安全漏洞 — Endpoint SecurityCWE-264	7.8	-	2022-07-06
CVE-2022-23713	Vega 跨站脚本漏洞 — kibanaCWE-79	6.1	-	2022-07-06
CVE-2022-23712	Elasticsearch 安全漏洞 — elasticsearchCWE-754	7.5	-	2022-06-06
CVE-2022-23711	Elastic Kibana 信息泄露漏洞 — kibanaCWE-200	5.3	-	2022-04-21
CVE-2022-23710	Elastic Stack Kibana 跨站脚本漏洞 — kibanaCWE-79	6.1	-	2022-03-03
CVE-2022-23709	Elastic Stack Kibana 安全漏洞 — kibanaCWE-264	4.3	-	2022-03-03
CVE-2022-23708	Elasticsearch 安全漏洞 — elasticsearchCWE-264	4.3	-	2022-03-03
CVE-2022-23707	Elastic Stack Kibana跨站脚本漏洞 — KibanaCWE-79	5.4	-	2022-02-11
CVE-2021-37941	GE APM 安全漏洞 — APM Java AgentCWE-269	7.8	-	2021-12-08
CVE-2021-37940	GitHub Enterprise Server 代码问题漏洞 — EnterprisesearchCWE-918	4.9	-	2021-12-07
CVE-2021-37939	Elastic Stack Kibana 安全漏洞 — KibanaCWE-200	2.7	-	2021-11-18
CVE-2021-37938	Elastic Stack Kibana 路径遍历漏洞 — KibanaCWE-269	7.1	-	2021-11-18
CVE-2021-22148	Elasticsearch Elastic Enterprise Search 安全漏洞 — Elastic Enterprise SearchCWE-732	8.8	-	2021-09-15
CVE-2021-22149	Elasticsearch Elastic Enterprise Search 安全漏洞 — Elastic Enterprise SearchCWE-732	8.1	-	2021-09-15
CVE-2021-22147	Elasticsearch 安全漏洞 — ElasticsearchCWE-732	6.5	-	2021-09-15
CVE-2021-22145	Elastic 安全漏洞 — ElasticsearchCWE-200	6.5	-	2021-07-21
CVE-2021-22140	Elastic App Search web crawler 代码问题漏洞 — Elastic App SearchCWE-611	7.5	-	2021-05-13
CVE-2021-22138	Elasticsearch Logstash 信任管理问题漏洞 — ElasticsearchCWE-295	3.7	-	2021-05-13
CVE-2021-22139	Elastic Stack Kibana 资源管理错误漏洞 — KibanaCWE-400	6.5	-	2021-05-13
CVE-2021-22137	Elasticsearch 信息泄露漏洞 — ElasticsearchCWE-200	5.3	-	2021-05-13
CVE-2021-22135	Elasticsearch 信息泄露漏洞 — ElasticsearchCWE-200	5.3	-	2021-05-13
CVE-2021-22136	Elastic Stack Kibana 代码问题漏洞 — KibanaCWE-613	2.4	-	2021-05-13

This page lists every published CVE security advisory associated with Elastic. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

Elastic — Vulnerabilities & Security Advisories 223