Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Elastic — Vulnerabilities & Security Advisories 223

Browse all 223 CVE security advisories affecting Elastic. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Elastic operates as a search and analytics engine, primarily powering the ELK Stack for log management and data visualization. With 223 recorded Common Vulnerabilities and Exposures, the platform has historically been susceptible to critical flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues often stem from improper input validation and authentication bypasses within its Java-based architecture. Notable incidents involve unauthorized access to sensitive data through exposed APIs, highlighting risks associated with default configurations. The sheer volume of CVEs suggests persistent challenges in securing complex distributed systems. While the software remains a cornerstone for enterprise search, its extensive attack surface requires rigorous patching and strict access controls to mitigate the high probability of exploitation by threat actors targeting its widespread deployment infrastructure.

Top products by Elastic: Kibana Elasticsearch Logstash Packetbeat Elastic X-Pack Security Elastic Cloud Enterprise APM Server Beats Elastic Enterprise Search Elastic Agent Elastic Cloud Enterprise (ECE) X-Pack Security Elasticsearch X-Pack Machine Learning Elastic Defend Fleet Server Metricbeat Elastic Cloud on Kubernetes Elastic App Search Filebeat Elastic Endpoint Security Elastic Package Registry Elastic APM Java Agent Elastic APM .NET Agent Elastic Sharepoint Online Python Connector Elasticsearch-Hadoop Enterprise Search Elastic Network Drive Connector Elastic Agent and Elastic Defend Endpoint Elastic Endpoint Security and Elastic Endgame Security
CVE IDTitleCVSSSeverityPublished
CVE-2018-17244 Elasticsearch Security 安全漏洞 — ElasticsearchCWE-362 7.5 -2018-12-20
CVE-2018-17245 Elasticsearch Kibana 安全漏洞 — KibanaCWE-201 9.1 -2018-12-20
CVE-2018-17246 Elasticsearch Kibana Console插件安全漏洞 — KibanaCWE-73 10.0 -2018-12-20
CVE-2018-17247 Elasticsearch Security 跨站脚本漏洞 — ElasticsearchCWE-611 5.9 -2018-12-20
CVE-2018-3823 Elastic X-Pack Machine Learning 跨站脚本漏洞 — Elasticsearch X-Pack Machine LearningCWE-79 5.4 -2018-09-19
CVE-2018-3824 Elastic X-Pack Machine Learning 跨站脚本漏洞 — Elasticsearch X-Pack Machine LearningCWE-79 6.1 -2018-09-19
CVE-2018-3825 Elastic Cloud Enterprise 安全漏洞 — Elastic Cloud Enterprise (ECE)CWE-321 5.9 -2018-09-19
CVE-2018-3826 Elasticsearch 安全漏洞 — ElasticsearchCWE-200 5.3 -2018-09-19
CVE-2018-3827 Elasticsearch repository-azure插件信任管理问题漏洞 — ElasticsearchCWE-532 8.1 -2018-09-19
CVE-2018-3828 Elastic Cloud Enterprise 信息泄露漏洞 — Elastic Cloud EnterpriseCWE-532 8.8 -2018-09-19
CVE-2018-3829 Elastic Cloud Enterprise 安全漏洞 — Elastic Cloud EnterpriseCWE-285 6.5 -2018-09-19
CVE-2018-3830 Elasticsearch Kibana 跨站脚本漏洞 — KibanaCWE-79 6.1 -2018-09-19
CVE-2018-3831 Elasticsearch Alerting and Monitoring 信息泄露漏洞 — ElasticsearchCWE-200 8.1 -2018-09-19
CVE-2018-3817 Elasticsearch Logstash 信息泄露漏洞 — LogstashCWE-532 4.3 -2018-03-30
CVE-2018-3818 Elasticsearch Kibana 跨站脚本漏洞 — KibanaCWE-79 6.1 -2018-03-30
CVE-2018-3819 Elasticsearch Kibana 安全漏洞 — KibanaCWE-601 4.7 -2018-03-30
CVE-2018-3820 Elasticsearch Kibana 跨站脚本漏洞 — KibanaCWE-79 6.1 -2018-03-30
CVE-2018-3821 Elasticsearch Kibana 跨站脚本漏洞 — KibanaCWE-79 6.1 -2018-03-30
CVE-2018-3822 Elasticsearch X-Pack Security 路径遍历漏洞 — X-Pack SecurityCWE-287 9.8 -2018-03-30
CVE-2017-11480 Elasticsearch Packetbeat PostgreSQL protocol handler 安全漏洞 — PacketbeatCWE-404 7.5 -2017-12-08
CVE-2017-11481 Elasticsearch Kibana 跨站脚本漏洞 — KibanaCWE-79 6.1 -2017-12-08
CVE-2017-11482 Elasticsearch Kibana 安全漏洞 — KibanaCWE-601 6.1 -2017-12-08
CVE-2017-8444 Elastic Cloud Enterprise 安全漏洞 — Elastic Cloud EnterpriseCWE-319 5.9 -2017-09-28
CVE-2017-8447 Elasticsearch X-Pack Security 安全漏洞 — Elastic X-Pack SecurityCWE-284 6.5 -2017-09-28
CVE-2017-8448 Elastic X-Pack Alerting 安全漏洞 — Elastic X-Pack AlertingCWE-284 8.8 -2017-09-28
CVE-2017-8445 Elasticsearch X-Pack Security TLS trust manager 安全漏洞 — Elastic X-Pack SecurityCWE-295 5.5 -2017-08-18
CVE-2017-8446 Elasticsearch X-Pack和Reporting插件安全漏洞 — Elastic X-Pack ReportingCWE-522 6.5 -2017-08-18
CVE-2017-8442 Elasticsearch X-Pack Security 信息泄露漏洞 — Elasticsearch X-Pack SecurityCWE-402 6.5 -2017-07-07
CVE-2017-8443 Elasticsearch Kibana X-Pack security 信息泄露漏洞 — Kibana X-Pack SecurityCWE-598 7.4 -2017-06-30
CVE-2015-9056 Elasticsearch Kibana 跨站脚本漏洞 — KibanaCWE-79 6.1 -2017-06-16

This page lists every published CVE security advisory associated with Elastic. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.