
    132 vulnerabilities found for elasticsearch by elastic

    CVE-2026-49090 (GCVE-0-2026-49090)

    Vulnerability from nvd – Published: 2026-07-01 17:15 – Updated: 2026-07-01 17:56
    Title
    Uncontrolled Resource Consumption in Elasticsearch Leading to Denial of Service
    Summary
    Uncontrolled Resource Consumption (CWE-400) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted bulk request that causes sustained high CPU consumption, which can render the affected node unable to process requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    elastic
    Impacted products
    Vendor: Elastic
    Product: Elasticsearch
    Affected versions (semver): 8.0.0 through 8.14.3 inclusive; 7.0.0 through 7.17.23 inclusive

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49090",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T17:56:23.912486Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:56:42.069Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elasticsearch",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThanOrEqual": "8.14.3",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.23",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUncontrolled Resource Consumption (CWE-400) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted bulk request that causes sustained high CPU consumption, which can render the affected node unable to process requests.\u003c/p\u003e"
                }
              ],
              "value": "Uncontrolled Resource Consumption (CWE-400) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted bulk request that causes sustained high CPU consumption, which can render the affected node unable to process requests."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T17:15:54.359Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elasticsearch-7-17-24-8-15-0-security-update-esa-2026-52"
            }
          ],
          "source": {
            "discovery": "Elastic"
          },
          "title": "Uncontrolled Resource Consumption in Elasticsearch Leading to Denial of Service",
          "x_generator": {
            "engine": "Elastic CVE Publisher 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2026-49090",
        "datePublished": "2026-07-01T17:15:54.359Z",
        "dateReserved": "2026-05-27T11:31:33.582Z",
        "dateUpdated": "2026-07-01T17:56:42.069Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56149 (GCVE-0-2026-56149)

    Vulnerability from nvd – Published: 2026-07-01 16:21 – Updated: 2026-07-01 17:25
    Title
    Allocation of Resources Without Limits or Throttling in Elasticsearch Leading to Denial of Service
    Summary
    Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the affected node unavailable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    elastic
    Impacted products
    Vendor: Elastic
    Product: Elasticsearch
    Affected versions (semver): 9.4.0 through 9.4.2 inclusive; 9.0.0 through 9.3.5 inclusive; 8.0.0 through 8.19.16 inclusive

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56149",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T17:18:43.883917Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:25:09.581Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elasticsearch",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThanOrEqual": "9.4.2",
                  "status": "affected",
                  "version": "9.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.3.5",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.16",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAllocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the affected node unavailable.\u003c/p\u003e"
                }
              ],
              "value": "Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the affected node unavailable."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T16:21:24.437Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elasticsearch-8-19-17-9-3-6-9-4-3-security-update-esa-2026-43"
            }
          ],
          "source": {
            "discovery": "Elastic"
          },
          "title": "Allocation of Resources Without Limits or Throttling in Elasticsearch Leading to Denial of Service",
          "x_generator": {
            "engine": "Elastic CVE Publisher 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2026-56149",
        "datePublished": "2026-07-01T16:21:24.437Z",
        "dateReserved": "2026-06-19T11:01:02.535Z",
        "dateUpdated": "2026-07-01T17:25:09.581Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56148 (GCVE-0-2026-56148)

    Vulnerability from nvd – Published: 2026-07-01 16:17 – Updated: 2026-07-01 17:25
    Title
    Uncontrolled Recursion in Elasticsearch Leading to Denial of Service
    Summary
    Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-674 - Uncontrolled Recursion
    Assigner
    elastic
    Impacted products
    Vendor: Elastic
    Product: Elasticsearch
    Affected versions (semver): 9.4.0 through 9.4.2 inclusive; 9.0.0 through 9.3.5 inclusive; 8.0.0 through 8.19.16 inclusive

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56148",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T17:18:52.494881Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:25:09.726Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elasticsearch",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThanOrEqual": "9.4.2",
                  "status": "affected",
                  "version": "9.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.3.5",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.16",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUncontrolled Recursion (CWE-674) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable.\u003c/p\u003e"
                }
              ],
              "value": "Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "CWE-674 Uncontrolled Recursion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T16:17:05.998Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elasticsearch-8-19-17-9-3-6-9-4-3-security-update-esa-2026-42"
            }
          ],
          "source": {
            "discovery": "Elastic"
          },
          "title": "Uncontrolled Recursion in Elasticsearch Leading to Denial of Service",
          "x_generator": {
            "engine": "Elastic CVE Publisher 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2026-56148",
        "datePublished": "2026-07-01T16:17:05.998Z",
        "dateReserved": "2026-06-19T11:01:02.535Z",
        "dateUpdated": "2026-07-01T17:25:09.726Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-68390 (GCVE-0-2025-68390)

    Vulnerability from nvd – Published: 2025-12-18 22:17 – Updated: 2025-12-19 15:36
    Title
    Elasticsearch Allocation of Resources Without Limits or Throttling
    Summary
    Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of memory and a denial of service (DoS) via crafted HTTP request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    elastic
    Impacted products
    Vendor: Elastic
    Product: Elasticsearch
    Affected versions (semver): 7.0.0 through 7.17.29 inclusive; 8.0.0 through 8.19.7 inclusive; 9.0.0 through 9.1.7 inclusive; 9.2.0 through 9.2.1 inclusive

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-68390",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-19T15:35:48.634946Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-19T15:36:02.809Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elasticsearch",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThanOrEqual": "7.17.29",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.7",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.1.7",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.2.1",
                  "status": "affected",
                  "version": "9.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAllocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of memory and a denial of service (DoS) via crafted HTTP request.\u003c/p\u003e"
                }
              ],
              "value": "Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of memory and a denial of service (DoS) via crafted HTTP request."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-18T22:17:41.672Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-37/384185"
            }
          ],
          "source": {
            "discovery": "Elastic"
          },
          "title": "Elasticsearch Allocation of Resources Without Limits or Throttling",
          "x_generator": {
            "engine": "Elastic CVE Publisher 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2025-68390",
        "datePublished": "2025-12-18T22:17:41.672Z",
        "dateReserved": "2025-12-16T19:18:49.563Z",
        "dateUpdated": "2025-12-19T15:36:02.809Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-68384 (GCVE-0-2025-68384)

    Vulnerability from nvd – Published: 2025-12-18 22:04 – Updated: 2025-12-19 15:19
    Title
    Elasticsearch Allocation of Resources Without Limits or Throttling
    Summary
    Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) causing a persistent denial of service (OOM crash) via submission of oversized user settings data.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    elastic
    Impacted products
    Vendor: Elastic
    Product: Elasticsearch
    Affected versions (semver): 7.0.0 through 7.17.29 inclusive; 8.0.0 through 8.19.8 inclusive; 9.0.0 through 9.1.8 inclusive; 9.2.0 through 9.2.2 inclusive

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-68384",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-19T15:19:32.265593Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-19T15:19:41.135Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elasticsearch",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThanOrEqual": "7.17.29",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.8",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.1.8",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.2.2",
                  "status": "affected",
                  "version": "9.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAllocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) causing a persistent denial of service (OOM crash) via submission of oversized user settings data.\u003c/p\u003e"
                }
              ],
              "value": "Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) causing a persistent denial of service (OOM crash) via submission of oversized user settings data."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-18T22:04:50.131Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elasticsearch-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-33/384181"
            }
          ],
          "source": {
            "discovery": "Elastic"
          },
          "title": "Elasticsearch Allocation of Resources Without Limits or Throttling",
          "x_generator": {
            "engine": "Elastic CVE Publisher 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2025-68384",
        "datePublished": "2025-12-18T22:04:50.131Z",
        "dateReserved": "2025-12-16T17:26:09.355Z",
        "dateUpdated": "2025-12-19T15:19:41.135Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-37731 (GCVE-0-2025-37731)

    Vulnerability from nvd – Published: 2025-12-15 10:42 – Updated: 2026-02-26 16:07
    Title
    Elasticsearch Improper Authentication
    Summary
    Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Impacted products
    Vendor Product Version
    Elastic Elasticsearch Affected: 7.0.0 , ≤ 7.17.29 (semver)
    Affected: 8.0.0 , ≤ 8.19.7 (semver)
    Affected: 9.0.0 , ≤ 9.1.7 (semver)
    Affected: 9.2.0 , ≤ 9.2.1 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-37731",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-16T04:56:03.191864Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:07:40.327Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elasticsearch",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThanOrEqual": "7.17.29",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.7",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.1.7",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.2.1",
                  "status": "affected",
                  "version": "9.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eImproper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority.\u003c/p\u003e"
                }
              ],
              "value": "Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-15T10:42:21.840Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-27/384063"
            }
          ],
          "source": {
            "discovery": "Elastic"
          },
          "title": "Elasticsearch Improper Authentication",
          "x_generator": {
            "engine": "Elastic CVE Publisher 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2025-37731",
        "datePublished": "2025-12-15T10:42:21.840Z",
        "dateReserved": "2025-04-16T03:24:04.511Z",
        "dateUpdated": "2026-02-26T16:07:40.327Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-37727 (GCVE-0-2025-37727)

    Vulnerability from nvd – Published: 2025-10-10 09:56 – Updated: 2025-10-10 16:34
    Title
    Elasticsearch Insertion of sensitive information in log file
    Summary
    Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Impacted products
    Vendor Product Version
    Elastic Elasticsearch Affected: 7.0.0 , ≤ 7.17.29 (semver)
    Affected: 8.0.0 , ≤ 8.18.7 (semver)
    Affected: 8.19.0 , ≤ 8.19.4 (semver)
    Affected: 9.0.0 , ≤ 9.0.7 (semver)
    Affected: 9.1.0 , ≤ 9.1.4 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-37727",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-10T16:34:28.484931Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-10T16:34:36.812Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elasticsearch",
              "repo": "https://github.com/elasticsearch",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThanOrEqual": "7.17.29",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.7",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.4",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.0.7",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.1.4",
                  "status": "affected",
                  "version": "9.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eInsertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex\"\u003ereindex API\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the  reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-10T09:56:15.234Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elasticsearch-8-18-8-8-19-5-9-0-8-9-1-5-security-update-esa-2025-18/382453"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Elasticsearch Insertion of sensitive information in log file",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2025-37727",
        "datePublished": "2025-10-10T09:56:15.234Z",
        "dateReserved": "2025-04-16T03:24:04.510Z",
        "dateUpdated": "2025-10-10T16:34:36.812Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52979 (GCVE-0-2024-52979)

    Vulnerability from nvd – Published: 2025-05-01 13:13 – Updated: 2025-05-01 13:25
    Title
    Elasticsearch Uncontrolled Resource Consumption vulnerability
    Summary
    Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Impacted products
    Vendor Product Version
    Elastic Elasticsearch Affected: 7.17.0 , < 7.17.25 (semver)
    Affected: 8.0.0 , < 8.16.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52979",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-01T13:25:38.268712Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-01T13:25:55.553Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elasticsearch",
              "repo": "https://github.com/elastic/elasticsearch",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThan": "7.17.25",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "8.16.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003eUncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash.\u003cp\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-01T13:13:07.426Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elasticsearch-7-17-25-and-8-16-0-security-update-esa-2024-40/377709"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Elasticsearch Uncontrolled Resource Consumption vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2024-52979",
        "datePublished": "2025-05-01T13:13:07.426Z",
        "dateReserved": "2024-11-18T14:48:22.454Z",
        "dateUpdated": "2025-05-01T13:25:55.553Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52981 (GCVE-0-2024-52981)

    Vulnerability from nvd – Published: 2025-04-08 16:54 – Updated: 2025-04-08 19:58
    Summary
    An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Impacted products
    Vendor Product Version
    Elastic Elasticsearch Affected: 7.17.0 , ≤ 7.17.23 (semver)
    Affected: 8.0 , ≤ 8.15.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52981",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T19:58:40.053988Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T19:58:51.000Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elasticsearch",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThanOrEqual": "7.17.23",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow."
                }
              ],
              "value": "An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-08T16:54:16.668Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elasticsearch-7-17-24-and-8-15-1-security-update-esa-2024-37/376924"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2024-52981",
        "datePublished": "2025-04-08T16:54:16.668Z",
        "dateReserved": "2024-11-18T14:48:22.454Z",
        "dateUpdated": "2025-04-08T19:58:51.000Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52980 (GCVE-0-2024-52980)

    Vulnerability from nvd – Published: 2025-04-08 16:43 – Updated: 2025-04-08 19:59
    Title
    Elasticsearch Uncontrolled Resource Consumption vulnerability
    Summary
    A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to them.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Impacted products
    Vendor Product Version
    Elastic Elasticsearch Affected: 7.17.0 , ≤ 8.15.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52980",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T19:59:32.130694Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T19:59:43.764Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elasticsearch",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash.\u003c/p\u003e\u003cp\u003eA successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to them.\u003c/p\u003e\u003cbr\u003e"
                }
              ],
              "value": "A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash.\n\nA successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to them."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-08T16:43:41.103Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elasticsearch-8-15-1-security-update-esa-2024-34/376919"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Elasticsearch Uncontrolled Resource Consumption vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2024-52980",
        "datePublished": "2025-04-08T16:43:41.103Z",
        "dateReserved": "2024-11-18T14:48:22.454Z",
        "dateUpdated": "2025-04-08T19:59:43.764Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-43709 (GCVE-0-2024-43709)

    Vulnerability from nvd – Published: 2025-01-21 11:00 – Updated: 2025-02-21 18:03
    Title
    Elasticsearch allocation of resources without limits or throttling leads to crash
    Summary
    An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Impacted products
    Vendor Product Version
    Elastic Elasticsearch Affected: 7.17.0, 8.0.0 , < 7.17.21, 8.13.3 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43709",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-21T16:27:32.127802Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-21T16:27:41.623Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-02-21T18:03:29.257Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20250221-0007/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elasticsearch",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThan": "7.17.21, 8.13.3",
                  "status": "affected",
                  "version": "7.17.0, 8.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eAn allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-21T11:00:11.403Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elasticsearch-7-17-21-and-8-13-3-security-update-esa-2024-25/373442"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Elasticsearch allocation of resources without limits or throttling leads to crash",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2024-43709",
        "datePublished": "2025-01-21T11:00:11.403Z",
        "dateReserved": "2024-08-15T09:26:41.511Z",
        "dateUpdated": "2025-02-21T18:03:29.257Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-49090 (GCVE-0-2026-49090)

    Vulnerability from cvelistv5 – Published: 2026-07-01 17:15 – Updated: 2026-07-01 17:56
    Title
    Uncontrolled Resource Consumption in Elasticsearch Leading to Denial of Service
    Summary
    Uncontrolled Resource Consumption (CWE-400) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted bulk request that causes sustained high CPU consumption, which can render the affected node unable to process requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Elastic Elasticsearch Affected: 8.0.0 , ≤ 8.14.3 (semver)
    Affected: 7.0.0 , ≤ 7.17.23 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49090",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T17:56:23.912486Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:56:42.069Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elasticsearch",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThanOrEqual": "8.14.3",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.23",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUncontrolled Resource Consumption (CWE-400) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted bulk request that causes sustained high CPU consumption, which can render the affected node unable to process requests.\u003c/p\u003e"
                }
              ],
              "value": "Uncontrolled Resource Consumption (CWE-400) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted bulk request that causes sustained high CPU consumption, which can render the affected node unable to process requests."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T17:15:54.359Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elasticsearch-7-17-24-8-15-0-security-update-esa-2026-52"
            }
          ],
          "source": {
            "discovery": "Elastic"
          },
          "title": "Uncontrolled Resource Consumption in Elasticsearch Leading to Denial of Service",
          "x_generator": {
            "engine": "Elastic CVE Publisher 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2026-49090",
        "datePublished": "2026-07-01T17:15:54.359Z",
        "dateReserved": "2026-05-27T11:31:33.582Z",
        "dateUpdated": "2026-07-01T17:56:42.069Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56149 (GCVE-0-2026-56149)

    Vulnerability from cvelistv5 – Published: 2026-07-01 16:21 – Updated: 2026-07-01 17:25
    Title
    Allocation of Resources Without Limits or Throttling in Elasticsearch Leading to Denial of Service
    Summary
    Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the affected node unavailable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    Elastic Elasticsearch Affected: 9.4.0 , ≤ 9.4.2 (semver)
    Affected: 9.0.0 , ≤ 9.3.5 (semver)
    Affected: 8.0.0 , ≤ 8.19.16 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56149",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T17:18:43.883917Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:25:09.581Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elasticsearch",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThanOrEqual": "9.4.2",
                  "status": "affected",
                  "version": "9.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.3.5",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.16",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAllocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the affected node unavailable.\u003c/p\u003e"
                }
              ],
              "value": "Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the affected node unavailable."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T16:21:24.437Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elasticsearch-8-19-17-9-3-6-9-4-3-security-update-esa-2026-43"
            }
          ],
          "source": {
            "discovery": "Elastic"
          },
          "title": "Allocation of Resources Without Limits or Throttling in Elasticsearch Leading to Denial of Service",
          "x_generator": {
            "engine": "Elastic CVE Publisher 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2026-56149",
        "datePublished": "2026-07-01T16:21:24.437Z",
        "dateReserved": "2026-06-19T11:01:02.535Z",
        "dateUpdated": "2026-07-01T17:25:09.581Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56148 (GCVE-0-2026-56148)

    Vulnerability from cvelistv5 – Published: 2026-07-01 16:17 – Updated: 2026-07-01 17:25
    Title
    Uncontrolled Recursion in Elasticsearch Leading to Denial of Service
    Summary
    Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-674 - Uncontrolled Recursion
    Assigner
    Impacted products
    Vendor Product Version
    Elastic Elasticsearch Affected: 9.4.0 , ≤ 9.4.2 (semver)
    Affected: 9.0.0 , ≤ 9.3.5 (semver)
    Affected: 8.0.0 , ≤ 8.19.16 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56148",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T17:18:52.494881Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:25:09.726Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elasticsearch",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThanOrEqual": "9.4.2",
                  "status": "affected",
                  "version": "9.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.3.5",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.16",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUncontrolled Recursion (CWE-674) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable.\u003c/p\u003e"
                }
              ],
              "value": "Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "CWE-674 Uncontrolled Recursion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T16:17:05.998Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elasticsearch-8-19-17-9-3-6-9-4-3-security-update-esa-2026-42"
            }
          ],
          "source": {
            "discovery": "Elastic"
          },
          "title": "Uncontrolled Recursion in Elasticsearch Leading to Denial of Service",
          "x_generator": {
            "engine": "Elastic CVE Publisher 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2026-56148",
        "datePublished": "2026-07-01T16:17:05.998Z",
        "dateReserved": "2026-06-19T11:01:02.535Z",
        "dateUpdated": "2026-07-01T17:25:09.726Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-68390 (GCVE-0-2025-68390)

    Vulnerability from cvelistv5 – Published: 2025-12-18 22:17 – Updated: 2025-12-19 15:36
    Title
    Elasticsearch Allocation of Resources Without Limits or Throttling
    Summary
    Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of memory and a denial of service (DoS) via crafted HTTP request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    Elastic Elasticsearch Affected: 7.0.0 , ≤ 7.17.29 (semver)
    Affected: 8.0.0 , ≤ 8.19.7 (semver)
    Affected: 9.0.0 , ≤ 9.1.7 (semver)
    Affected: 9.2.0 , ≤ 9.2.1 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-68390",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-19T15:35:48.634946Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-19T15:36:02.809Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elasticsearch",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThanOrEqual": "7.17.29",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.7",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.1.7",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.2.1",
                  "status": "affected",
                  "version": "9.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAllocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of memory and a denial of service (DoS) via crafted HTTP request.\u003c/p\u003e"
                }
              ],
              "value": "Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of memory and a denial of service (DoS) via crafted HTTP request."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-18T22:17:41.672Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-37/384185"
            }
          ],
          "source": {
            "discovery": "Elastic"
          },
          "title": "Elasticsearch Allocation of Resources Without Limits or Throttling",
          "x_generator": {
            "engine": "Elastic CVE Publisher 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2025-68390",
        "datePublished": "2025-12-18T22:17:41.672Z",
        "dateReserved": "2025-12-16T19:18:49.563Z",
        "dateUpdated": "2025-12-19T15:36:02.809Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-68384 (GCVE-0-2025-68384)

    Vulnerability from cvelistv5 – Published: 2025-12-18 22:04 – Updated: 2025-12-19 15:19
    Title
    Elasticsearch Allocation of Resources Without Limits or Throttling
    Summary
    Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) causing a persistent denial of service (OOM crash) via submission of oversized user settings data.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    Elastic Elasticsearch Affected: 7.0.0 , ≤ 7.17.29 (semver)
    Affected: 8.0.0 , ≤ 8.19.8 (semver)
    Affected: 9.0.0 , ≤ 9.1.8 (semver)
    Affected: 9.2.0 , ≤ 9.2.2 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-68384",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-19T15:19:32.265593Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-19T15:19:41.135Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elasticsearch",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThanOrEqual": "7.17.29",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.8",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.1.8",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.2.2",
                  "status": "affected",
                  "version": "9.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAllocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) causing a persistent denial of service (OOM crash) via submission of oversized user settings data.\u003c/p\u003e"
                }
              ],
              "value": "Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) causing a persistent denial of service (OOM crash) via submission of oversized user settings data."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-18T22:04:50.131Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elasticsearch-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-33/384181"
            }
          ],
          "source": {
            "discovery": "Elastic"
          },
          "title": "Elasticsearch Allocation of Resources Without Limits or Throttling",
          "x_generator": {
            "engine": "Elastic CVE Publisher 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2025-68384",
        "datePublished": "2025-12-18T22:04:50.131Z",
        "dateReserved": "2025-12-16T17:26:09.355Z",
        "dateUpdated": "2025-12-19T15:19:41.135Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-37731 (GCVE-0-2025-37731)

    Vulnerability from cvelistv5 – Published: 2025-12-15 10:42 – Updated: 2026-02-26 16:07
    Title
    Elasticsearch Improper Authentication
    Summary
    Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Vendor Product Version
    Elastic Elasticsearch Affected: 7.0.0 , ≤ 7.17.29 (semver)
    Affected: 8.0.0 , ≤ 8.19.7 (semver)
    Affected: 9.0.0 , ≤ 9.1.7 (semver)
    Affected: 9.2.0 , ≤ 9.2.1 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-37731",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-16T04:56:03.191864Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:07:40.327Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elasticsearch",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThanOrEqual": "7.17.29",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.7",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.1.7",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.2.1",
                  "status": "affected",
                  "version": "9.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eImproper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority.\u003c/p\u003e"
                }
              ],
              "value": "Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-15T10:42:21.840Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-27/384063"
            }
          ],
          "source": {
            "discovery": "Elastic"
          },
          "title": "Elasticsearch Improper Authentication",
          "x_generator": {
            "engine": "Elastic CVE Publisher 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2025-37731",
        "datePublished": "2025-12-15T10:42:21.840Z",
        "dateReserved": "2025-04-16T03:24:04.511Z",
        "dateUpdated": "2026-02-26T16:07:40.327Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-37727 (GCVE-0-2025-37727)

    Vulnerability from cvelistv5 – Published: 2025-10-10 09:56 – Updated: 2025-10-10 16:34
    Title
    Elasticsearch Insertion of sensitive information in log file
    Summary
    Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API (https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    Impacted products
    Vendor Product Version
    Elastic Elasticsearch Affected: 7.0.0 , ≤ 7.17.29 (semver)
    Affected: 8.0.0 , ≤ 8.18.7 (semver)
    Affected: 8.19.0 , ≤ 8.19.4 (semver)
    Affected: 9.0.0 , ≤ 9.0.7 (semver)
    Affected: 9.1.0 , ≤ 9.1.4 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-37727",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-10T16:34:28.484931Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-10T16:34:36.812Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elasticsearch",
              "repo": "https://github.com/elasticsearch",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThanOrEqual": "7.17.29",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.7",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.4",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.0.7",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "9.1.4",
                  "status": "affected",
                  "version": "9.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eInsertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex\"\u003ereindex API\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the  reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-10T09:56:15.234Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elasticsearch-8-18-8-8-19-5-9-0-8-9-1-5-security-update-esa-2025-18/382453"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Elasticsearch Insertion of sensitive information in log file",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2025-37727",
        "datePublished": "2025-10-10T09:56:15.234Z",
        "dateReserved": "2025-04-16T03:24:04.510Z",
        "dateUpdated": "2025-10-10T16:34:36.812Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52979 (GCVE-0-2024-52979)

    Vulnerability from cvelistv5 – Published: 2025-05-01 13:13 – Updated: 2025-05-01 13:25
    Title
    Elasticsearch Uncontrolled Resource Consumption vulnerability
    Summary
    Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Elastic Elasticsearch Affected: 7.17.0 , < 7.17.25 (semver)
    Affected: 8.0.0 , < 8.16.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52979",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-01T13:25:38.268712Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-01T13:25:55.553Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elasticsearch",
              "repo": "https://github.com/elastic/elasticsearch",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThan": "7.17.25",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "8.16.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003eUncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash.\u003cp\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-01T13:13:07.426Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elasticsearch-7-17-25-and-8-16-0-security-update-esa-2024-40/377709"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Elasticsearch Uncontrolled Resource Consumption vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2024-52979",
        "datePublished": "2025-05-01T13:13:07.426Z",
        "dateReserved": "2024-11-18T14:48:22.454Z",
        "dateUpdated": "2025-05-01T13:25:55.553Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52981 (GCVE-0-2024-52981)

    Vulnerability from cvelistv5 – Published: 2025-04-08 16:54 – Updated: 2025-04-08 19:58
    Summary
    An issue was discovered in Elasticsearch, where a large recursion using the Well-Known Text formatted string with nested GeometryCollection objects could cause a stack overflow.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Elastic Elasticsearch Affected: 7.17.0 , ≤ 7.17.23 (semver)
    Affected: 8.0 , ≤ 8.15.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52981",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T19:58:40.053988Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T19:58:51.000Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elasticsearch",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThanOrEqual": "7.17.23",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow."
                }
              ],
              "value": "An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-08T16:54:16.668Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elasticsearch-7-17-24-and-8-15-1-security-update-esa-2024-37/376924"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2024-52981",
        "datePublished": "2025-04-08T16:54:16.668Z",
        "dateReserved": "2024-11-18T14:48:22.454Z",
        "dateUpdated": "2025-04-08T19:58:51.000Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52980 (GCVE-0-2024-52980)

    Vulnerability from cvelistv5 – Published: 2025-04-08 16:43 – Updated: 2025-04-08 19:59
    Title
    Elasticsearch Uncontrolled Resource Consumption vulnerability
    Summary
    A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to them.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Elastic Elasticsearch Affected: 7.17.0 , ≤ 8.15.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52980",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T19:59:32.130694Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T19:59:43.764Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elasticsearch",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash.\u003c/p\u003e\u003cp\u003eA successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to them.\u003c/p\u003e\u003cbr\u003e"
                }
              ],
              "value": "A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash.\n\nA successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to them."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-08T16:43:41.103Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elasticsearch-8-15-1-security-update-esa-2024-34/376919"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Elasticsearch Uncontrolled Resource Consumption vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2024-52980",
        "datePublished": "2025-04-08T16:43:41.103Z",
        "dateReserved": "2024-11-18T14:48:22.454Z",
        "dateUpdated": "2025-04-08T19:59:43.764Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-43709 (GCVE-0-2024-43709)

    Vulnerability from cvelistv5 – Published: 2025-01-21 11:00 – Updated: 2025-02-21 18:03
    Title
    Elasticsearch allocation of resources without limits or throttling leads to crash
    Summary
    An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    Elastic Elasticsearch Affected: 7.17.0, 8.0.0 , < 7.17.21, 8.13.3 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43709",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-21T16:27:32.127802Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-21T16:27:41.623Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-02-21T18:03:29.257Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20250221-0007/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Elasticsearch",
              "vendor": "Elastic",
              "versions": [
                {
                  "lessThan": "7.17.21, 8.13.3",
                  "status": "affected",
                  "version": "7.17.0, 8.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eAn allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-21T11:00:11.403Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "url": "https://discuss.elastic.co/t/elasticsearch-7-17-21-and-8-13-3-security-update-esa-2024-25/373442"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Elasticsearch allocation of resources without limits or throttling leads to crash",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2024-43709",
        "datePublished": "2025-01-21T11:00:11.403Z",
        "dateReserved": "2024-08-15T09:26:41.511Z",
        "dateUpdated": "2025-02-21T18:03:29.257Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CERTFR-2026-AVI-0325

    Vulnerability from certfr_avis - Published: 2026-03-20 - Updated: 2026-03-20

    Multiple vulnerabilities have been discovered in Elastic products. Some of them allow an attacker to cause remote arbitrary code execution, a breach of data confidentiality, and a security policy bypass.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Elastic Metricbeat Metricbeat versions 8.x prior to 8.19.13
    Elastic Kibana Kibana versions 9.x prior to 9.2.7
    Elastic Kibana Kibana versions 9.3.x prior to 9.3.2
    Elastic Logstash Logstash versions 9.2.x prior to 9.2.4
    Elastic Elasticsearch Elasticsearch versions 9.x prior to 9.1.8
    Elastic Kibana Kibana versions 8.x prior to 8.19.13
    Elastic Packetbeat Packetbeat versions 9.x prior to 9.2.5
    Elastic Logstash Logstash versions 9.x prior to 9.1.10
    Elastic Packetbeat Packetbeat versions 8.x prior to 8.19.11
    Elastic Elasticsearch Elasticsearch versions 8.x prior to 8.19.8
    Elastic Logstash Logstash versions 8.x prior to 8.19.10
    Elastic Metricbeat Metricbeat versions 9.x prior to 9.2.5
    References
    Elastic security bulletin 385534 2026-03-19 vendor-advisory
    Elastic security bulletin 385535 2026-03-19 vendor-advisory
    Elastic security bulletin 385531 2026-03-19 vendor-advisory
    Elastic security bulletin 385533 2026-03-19 vendor-advisory
    Elastic security bulletin 385532 2026-03-19 vendor-advisory
    Elastic security bulletin 385530 2026-03-19 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Metricbeat versions 8.x ant\u00e9rieures \u00e0 8.19.13",
          "product": {
            "name": "Metricbeat",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana versions 9.x ant\u00e9rieures \u00e0 9.2.7",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana versions 9.3.x ant\u00e9rieures \u00e0 9.3.2",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Logstash versions 9.2.x ant\u00e9rieures \u00e0 9.2.4",
          "product": {
            "name": "Logstash",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Elasticsearch versions 9.x ant\u00e9rieures \u00e0 9.1.8",
          "product": {
            "name": "Elasticsearch",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana versions 8.x ant\u00e9rieures \u00e0 8.19.13",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Packetbeat versions 9.x ant\u00e9rieures \u00e0 9.2.5",
          "product": {
            "name": "Packetbeat",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Logstash versions 9.x ant\u00e9rieures \u00e0 9.1.10",
          "product": {
            "name": "Logstash",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Packetbeat versions 8.x ant\u00e9rieures \u00e0 8.19.11",
          "product": {
            "name": "Packetbeat",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Elasticsearch versions 8.x ant\u00e9rieures \u00e0 8.19.8",
          "product": {
            "name": "Elasticsearch",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Logstash versions 8.x ant\u00e9rieures \u00e0 8.19.10",
          "product": {
            "name": "Logstash",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Metricbeat versions 9.x ant\u00e9rieures \u00e0 9.2.5",
          "product": {
            "name": "Metricbeat",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-26939",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26939"
        },
        {
          "name": "CVE-2026-26940",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26940"
        },
        {
          "name": "CVE-2026-26933",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26933"
        },
        {
          "name": "CVE-2025-32434",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32434"
        },
        {
          "name": "CVE-2025-66566",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66566"
        },
        {
          "name": "CVE-2026-26931",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26931"
        }
      ],
      "initial_release_date": "2026-03-20T00:00:00",
      "last_revision_date": "2026-03-20T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0325",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-03-20T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Elastic. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Elastic",
      "vendor_advisories": [
        {
          "published_at": "2026-03-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic 385534",
          "url": "https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-security-update-esa-2026-18/385534"
        },
        {
          "published_at": "2026-03-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic 385535",
          "url": "https://discuss.elastic.co/t/kibana-8-19-13-9-2-7-9-3-2-security-update-esa-2026-20/385535"
        },
        {
          "published_at": "2026-03-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic 385531",
          "url": "https://discuss.elastic.co/t/logstash-8-19-10-9-1-10-9-2-4-security-update-esa-2026-06/385531"
        },
        {
          "published_at": "2026-03-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic 385533",
          "url": "https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-11/385533"
        },
        {
          "published_at": "2026-03-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic 385532",
          "url": "https://discuss.elastic.co/t/metricbeat-8-19-13-9-2-5-security-update-esa-2026-09/385532"
        },
        {
          "published_at": "2026-03-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic 385530",
          "url": "https://discuss.elastic.co/t/kibana-8-19-12-9-2-6-9-3-1-security-update-esa-2026-19/385530"
        }
      ]
    }

    CERTFR-2026-AVI-0041

    Vulnerability from certfr_avis - Published: 2026-01-14 - Updated: 2026-01-14

    Multiple vulnerabilities have been discovered in Elastic products. Some of them allow an attacker to cause a remote denial of service, a breach of data confidentiality, and server-side request forgery (SSRF).

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Elastic Packetbeat Packetbeat versions 9.2.x prior to 9.2.4
    Elastic Packetbeat Packetbeat all 7.x versions
    Elastic Packetbeat Packetbeat versions 8.19.x prior to 8.19.10
    Elastic Packetbeat Packetbeat versions 9.x prior to 9.1.10
    Elastic Metricbeat Metricbeat all 7.x versions
    Elastic Metricbeat Metricbeat versions 8.19.x prior to 8.19.10
    Elastic Elasticsearch Elasticsearch versions 9.2.x prior to 9.2.4
    Elastic Metricbeat Metricbeat versions 9.x prior to 9.1.10
    Elastic Elasticsearch Elasticsearch all 7.x versions
    Elastic Elasticsearch Elasticsearch versions 9.x prior to 9.1.10
    Elastic Elasticsearch Elasticsearch versions 8.19.x prior to 8.19.10
    Elastic Metricbeat Metricbeat versions 9.2.x prior to 9.2.4
    Elastic Kibana Kibana versions 8.19.x prior to 8.19.10
    Elastic Kibana Kibana all 7.x versions
    Elastic Kibana Kibana versions 9.2.x prior to 9.2.4
    Elastic Kibana Kibana versions 9.x prior to 9.1.10
    References
    Elastic security bulletin ESA-2026-08 2026-01-13 vendor-advisory
    Elastic security bulletin ESA-2026-02 2026-01-13 vendor-advisory
    Elastic security bulletin ESA-2026-01 2026-01-13 vendor-advisory
    Elastic security bulletin ESA-2026-04 2026-01-13 vendor-advisory
    Elastic security bulletin ESA-2026-05 2026-01-13 vendor-advisory
    Elastic security bulletin ESA-2026-07 2026-01-13 vendor-advisory
    Elastic security bulletin ESA-2026-03 2026-01-13 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Packetbeat versions 9.2.x ant\u00e9rieures \u00e0 9.2.4",
          "product": {
            "name": "Packetbeat",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Packetbeat toutes versions 7.x",
          "product": {
            "name": "Packetbeat",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Packetbeat versions 8.19.x ant\u00e9rieures \u00e0 8.19.10",
          "product": {
            "name": "Packetbeat",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Packetbeat versions 9.x ant\u00e9rieures \u00e0 9.1.10",
          "product": {
            "name": "Packetbeat",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Metricbeat toutes versions 7.x",
          "product": {
            "name": "Metricbeat",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Metricbeat versions 8.19.x ant\u00e9rieures \u00e0 8.19.10",
          "product": {
            "name": "Metricbeat",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Elasticsearch versions 9.2.x ant\u00e9rieures \u00e0 9.2.4",
          "product": {
            "name": "Elasticsearch",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Metricbeat versions 9.x ant\u00e9rieures \u00e0 9.1.10",
          "product": {
            "name": "Metricbeat",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Elasticsearch toutes versions 7.x",
          "product": {
            "name": "Elasticsearch",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Elasticsearch versions 9.x ant\u00e9rieures \u00e0 9.1.10",
          "product": {
            "name": "Elasticsearch",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Elasticsearch versions 8.19.x ant\u00e9rieures \u00e0 8.19.10",
          "product": {
            "name": "Elasticsearch",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Metricbeat versions 9.2.x ant\u00e9rieures \u00e0 9.2.4",
          "product": {
            "name": "Metricbeat",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana versions 8.19.x ant\u00e9rieures \u00e0 8.19.10",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana toutes versions 7.x",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana versions 9.2.x ant\u00e9rieures \u00e0 9.2.4",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana versions 9.x ant\u00e9rieures \u00e0 9.1.10",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-0532",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0532"
        },
        {
          "name": "CVE-2026-0528",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0528"
        },
        {
          "name": "CVE-2026-0530",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0530"
        },
        {
          "name": "CVE-2026-0529",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0529"
        },
        {
          "name": "CVE-2025-66566",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66566"
        },
        {
          "name": "CVE-2026-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0543"
        },
        {
          "name": "CVE-2026-0531",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0531"
        }
      ],
      "initial_release_date": "2026-01-14T00:00:00",
      "last_revision_date": "2026-01-14T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0041",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-01-14T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Elastic. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF).",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Elastic",
      "vendor_advisories": [
        {
          "published_at": "2026-01-13",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2026-08",
          "url": "https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-08/384523"
        },
        {
          "published_at": "2026-01-13",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2026-02",
          "url": "https://discuss.elastic.co/t/packetbeat-8-19-10-9-1-10-9-2-4-security-update-esa-2026-02/384520"
        },
        {
          "published_at": "2026-01-13",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2026-01",
          "url": "https://discuss.elastic.co/t/metricbeat-8-19-10-9-1-10-9-2-4-security-update-esa-2026-01/384519"
        },
        {
          "published_at": "2026-01-13",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2026-04",
          "url": "https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-04/384522"
        },
        {
          "published_at": "2026-01-13",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2026-05",
          "url": "https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-05/384524"
        },
        {
          "published_at": "2026-01-13",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2026-07",
          "url": "https://discuss.elastic.co/t/elasticsearch-8-19-10-9-1-10-9-2-4-security-update-esa-2026-07/384525"
        },
        {
          "published_at": "2026-01-13",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2026-03",
          "url": "https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-03/384521"
        }
      ]
    }

    CERTFR-2025-AVI-1123

    Vulnerability from certfr_avis - Published: 2025-12-19 - Updated: 2025-12-19

    Multiple vulnerabilities have been discovered in Elastic products. Some of them allow an attacker to cause a remote denial of service, a breach of data confidentiality, and remote cross-site scripting (XSS).

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Elastic Elasticsearch Elasticsearch versions 9.2.x prior to 9.2.3
    Elastic Kibana Kibana versions 9.2.x prior to 9.2.3
    Elastic Kibana Kibana versions prior to 8.19.9
    Elastic N/A Filebeat versions prior to 8.19.9
    Elastic Elasticsearch Elasticsearch versions prior to 8.19.9
    Elastic N/A Filebeat versions 9.2.x prior to 9.2.3
    Elastic Elasticsearch Elasticsearch versions 9.0.x and 9.1.x prior to 9.1.9
    Elastic Kibana Kibana versions 9.0.x and 9.1.x prior to 9.1.9
    Elastic N/A Packetbeat versions 9.2.x prior to 9.2.3
    Elastic N/A Packetbeat versions 9.0.x and 9.1.x prior to 9.1.9
    Elastic N/A Filebeat versions 9.0.x and 9.1.x prior to 9.1.9
    Elastic N/A Packetbeat versions prior to 8.19.9
    References
    Elastic security bulletin ESA-2025-38 2025-12-18 vendor-advisory
    Elastic security bulletin ESA-2025-34 2025-12-18 vendor-advisory
    Elastic security bulletin ESA-2025-31 2025-12-18 vendor-advisory
    Elastic security bulletin ESA-2025-30 2025-12-18 vendor-advisory
    Elastic security bulletin ESA-2025-36 2025-12-18 vendor-advisory
    Elastic security bulletin ESA-2025-35 2025-12-18 vendor-advisory
    Elastic security bulletin ESA-2025-32 2025-12-18 vendor-advisory
    Elastic security bulletin ESA-2025-33 2025-12-18 vendor-advisory
    Elastic security bulletin ESA-2025-39 2025-12-18 vendor-advisory
    Elastic security bulletin ESA-2025-37 2025-12-18 vendor-advisory
    Elastic security bulletin ESA-2025-29 2025-12-18 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Elasticsearch versions 9.2.x ant\u00e9rieures \u00e0 9.2.3",
          "product": {
            "name": "Elasticsearch",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana versions 9.2.x ant\u00e9rieures \u00e0 9.2.3",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana versions ant\u00e9rieures \u00e0 8.19.9",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Filebeat versions ant\u00e9rieures \u00e0 8.19.9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Elasticsearch  versions ant\u00e9rieures \u00e0 8.19.9",
          "product": {
            "name": "Elasticsearch",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Filebeat versions 9.2.x ant\u00e9rieures \u00e0 9.2.3",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Elasticsearch versions 9.0.x et 9.1.x ant\u00e9rieures \u00e0 9.1.9",
          "product": {
            "name": "Elasticsearch",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana versions 9.0.x et 9.1.x ant\u00e9rieures \u00e0 9.1.9",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Packetbeat versions 9.2.x ant\u00e9rieures \u00e0 9.2.3",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Packetbeat versions 9.0.x et 9.1.x ant\u00e9rieures \u00e0 9.1.9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Filebeat versions 9.0.x et 9.1.x  ant\u00e9rieures \u00e0 9.1.9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Packetbeat versions ant\u00e9rieures \u00e0 8.19.9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-68384",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68384"
        },
        {
          "name": "CVE-2025-68381",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68381"
        },
        {
          "name": "CVE-2025-68385",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68385"
        },
        {
          "name": "CVE-2025-68389",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68389"
        },
        {
          "name": "CVE-2025-68387",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68387"
        },
        {
          "name": "CVE-2025-68422",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68422"
        },
        {
          "name": "CVE-2025-68382",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68382"
        },
        {
          "name": "CVE-2025-68388",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68388"
        },
        {
          "name": "CVE-2025-68390",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68390"
        },
        {
          "name": "CVE-2025-68386",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68386"
        },
        {
          "name": "CVE-2025-68383",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68383"
        }
      ],
      "initial_release_date": "2025-12-19T00:00:00",
      "last_revision_date": "2025-12-19T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-1123",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-12-19T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Elastic. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Elastic",
      "vendor_advisories": [
        {
          "published_at": "2025-12-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-38",
          "url": "https://discuss.elastic.co/t/kibana-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-38/384186"
        },
        {
          "published_at": "2025-12-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-34",
          "url": "https://discuss.elastic.co/t/kibana-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-34/384182"
        },
        {
          "published_at": "2025-12-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-31",
          "url": "https://discuss.elastic.co/t/packetbeat-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-31/384179"
        },
        {
          "published_at": "2025-12-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-30",
          "url": "https://discuss.elastic.co/t/packetbeat-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-30/384178"
        },
        {
          "published_at": "2025-12-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-36",
          "url": "https://discuss.elastic.co/t/kibana-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-36/384184"
        },
        {
          "published_at": "2025-12-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-35",
          "url": "https://discuss.elastic.co/t/kibana-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-35/384183"
        },
        {
          "published_at": "2025-12-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-32",
          "url": "https://discuss.elastic.co/t/filebeat-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-32/384180"
        },
        {
          "published_at": "2025-12-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-33",
          "url": "https://discuss.elastic.co/t/elasticsearch-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-33/384181"
        },
        {
          "published_at": "2025-12-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-39",
          "url": "https://discuss.elastic.co/t/kibana-8-19-7-9-1-7-and-9-2-1-security-update-esa-2025-39/384187"
        },
        {
          "published_at": "2025-12-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-37",
          "url": "https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-37/384185"
        },
        {
          "published_at": "2025-12-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-29",
          "url": "https://discuss.elastic.co/t/packetbeat-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-29/384177"
        }
      ]
    }

    CERTFR-2025-AVI-1112

    Vulnerability from certfr_avis - Published: 2025-12-15 - Updated: 2025-12-15

    Multiple vulnerabilities have been discovered in Elastic products. They allow an attacker to cause remote cross-site scripting (XSS) and a security policy bypass.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Elastic Elasticsearch Elasticsearch versions prior to 8.19.8
    Elastic Kibana Kibana versions 9.2.x prior to 9.2.2
    Elastic Kibana Kibana versions prior to 8.19.8
    Elastic Elasticsearch Elasticsearch versions 9.2.x prior to 9.2.2
    Elastic Elasticsearch Elasticsearch versions 9.1.x prior to 9.1.8
    Elastic Kibana Kibana versions 9.1.x prior to 9.1.8
    References
    Elastic security bulletin ESA-2025-28 2025-12-15 vendor-advisory
    Elastic security bulletin ESA-2025-27 2025-12-15 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Elasticsearch versions ant\u00e9rieures \u00e0 8.19.8",
          "product": {
            "name": "Elasticsearch",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana versions 9.2.x ant\u00e9rieures \u00e0 9.2.2",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana versions ant\u00e9rieures \u00e0 8.19.8",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Elasticsearch versions 9.2.x ant\u00e9rieures \u00e0 9.2.2",
          "product": {
            "name": "Elasticsearch",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Elasticsearch versions 9.1.x ant\u00e9rieures \u00e0 9.1.8",
          "product": {
            "name": "Elasticsearch",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana versions 9.1.x ant\u00e9rieures \u00e0 9.1.8",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-37732",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-37732"
        },
        {
          "name": "CVE-2025-37731",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-37731"
        }
      ],
      "initial_release_date": "2025-12-15T00:00:00",
      "last_revision_date": "2025-12-15T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-1112",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-12-15T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Elastic. Elles permettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Elastic",
      "vendor_advisories": [
        {
          "published_at": "2025-12-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-28",
          "url": "https://discuss.elastic.co/t/kibana-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-28/384064"
        },
        {
          "published_at": "2025-12-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-27",
          "url": "https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-27/384063"
        }
      ]
    }

    CERTFR-2025-AVI-0849

    Vulnerability from certfr_avis - Published: 2025-10-07 - Updated: 2025-10-07

    Multiple vulnerabilities have been discovered in Elastic products. They allow an attacker to cause a breach of data confidentiality, remote cross-site scripting (XSS) and a security policy bypass.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Elastic Elasticsearch Elasticsearch versions 9.1.x prior to 9.1.5
    Elastic Kibana Kibana - Crowdstrike Connector versions 8.19.x prior to 8.19.5
    Elastic Elasticsearch Elasticsearch versions 9.0.x prior to 9.0.8
    Elastic Kibana Kibana - Crowdstrike Connector versions 9.0.x prior to 9.0.8
    Elastic Kibana Kibana versions 9.0.x prior to 9.0.8
    Elastic Elasticsearch Elasticsearch versions 8.19.x prior to 8.19.5
    Elastic Kibana Kibana versions 8.19.x prior to 8.19.5
    Elastic Kibana Kibana versions 9.1.x prior to 9.1.5
    Elastic Kibana Kibana - Crowdstrike Connector versions 9.1.x prior to 9.1.5
    Elastic Elasticsearch Elasticsearch versions prior to 8.18.8
    Elastic Kibana Kibana - Crowdstrike Connector versions prior to 8.18.8
    Elastic Kibana Kibana versions prior to 8.18.8
    References
    Elastic security bulletin ESA-2025-16 2025-10-06 vendor-advisory
    Elastic security bulletin ESA-2025-20 2025-10-06 vendor-advisory
    Elastic security bulletin ESA-2025-19 2025-10-06 vendor-advisory
    Elastic security bulletin ESA-2025-18 2025-10-06 vendor-advisory
    Elastic security bulletin ESA-2025-17 2025-10-06 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Elasticsearch versions 9.1.x ant\u00e9rieures \u00e0 9.1.5",
          "product": {
            "name": "Elasticsearch",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana - Crowdstrike Connector versions 8.19.x ant\u00e9rieures \u00e0 8.19.5",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Elasticsearch versions 9.0.x ant\u00e9rieures \u00e0 9.0.8",
          "product": {
            "name": "Elasticsearch",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana - Crowdstrike Connector versions 9.0.x ant\u00e9rieures \u00e0 9.0.8",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana versions 9.0.x ant\u00e9rieures \u00e0 9.0.8",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Elasticsearch versions 8.19.x ant\u00e9rieures \u00e0 8.19.5",
          "product": {
            "name": "Elasticsearch",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana versions 8.19.x ant\u00e9rieures \u00e0 8.19.5",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana versions 9.1.x ant\u00e9rieures \u00e0 9.1.5",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana - Crowdstrike Connector versions 9.1.x ant\u00e9rieures \u00e0 9.1.5",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Elasticsearch versions ant\u00e9rieures \u00e0 8.18.8",
          "product": {
            "name": "Elasticsearch",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana - Crowdstrike Connector versions ant\u00e9rieures \u00e0 8.18.8",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana versions ant\u00e9rieures \u00e0 8.18.8",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-37728",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-37728"
        },
        {
          "name": "CVE-2025-25017",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-25017"
        },
        {
          "name": "CVE-2025-37727",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-37727"
        },
        {
          "name": "CVE-2025-25009",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-25009"
        },
        {
          "name": "CVE-2025-25018",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-25018"
        }
      ],
      "initial_release_date": "2025-10-07T00:00:00",
      "last_revision_date": "2025-10-07T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0849",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-10-07T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Elastic. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Elastic",
      "vendor_advisories": [
        {
          "published_at": "2025-10-06",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-16",
          "url": "https://discuss.elastic.co/t/kibana-8-18-8-8-19-4-9-0-7-9-1-4-security-update-esa-2025-16/382450"
        },
        {
          "published_at": "2025-10-06",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-20",
          "url": "https://discuss.elastic.co/t/kibana-8-18-8-8-19-5-9-0-8-and-9-1-5-security-update-esa-2025-20/382449"
        },
        {
          "published_at": "2025-10-06",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-19",
          "url": "https://discuss.elastic.co/t/kibana-crowdstrike-connector-8-18-8-8-19-5-9-0-8-and-9-1-5-security-update-esa-2025-19/382455"
        },
        {
          "published_at": "2025-10-06",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-18",
          "url": "https://discuss.elastic.co/t/elasticsearch-8-18-8-8-19-5-9-0-8-9-1-5-security-update-esa-2025-18/382453"
        },
        {
          "published_at": "2025-10-06",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-17",
          "url": "https://discuss.elastic.co/t/kibana-8-18-8-8-19-5-9-0-8-9-1-5-security-update-esa-2025-17/382451"
        }
      ]
    }

    CERTFR-2025-AVI-0738

    Vulnerability from certfr_avis - Published: 2025-08-29 - Updated: 2025-08-29

    Multiple vulnerabilities have been discovered in Elastic products. They allow an attacker to cause remote arbitrary code execution, privilege escalation and a breach of data confidentiality.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Elastic Elasticsearch Elasticsearch versions 9.0.x prior to 9.0.6
    Elastic Enterprise Search Enterprise Search versions 8.x prior to 8.18.6
    Elastic Enterprise Search Enterprise Search versions 8.19.x prior to 8.19.3
    Elastic Elasticsearch Elasticsearch versions 8.18.x prior to 8.18.6
    Elastic Elasticsearch Elasticsearch versions 9.1.x prior to 9.1.3
    Elastic Elasticsearch Elasticsearch versions 8.19.x prior to 8.19.3
    Elastic Kibana Kibana versions 9.1.x prior to 9.1.3
    Elastic Kibana Kibana versions 9.0.x prior to 9.0.6
    References
    Elastic security bulletin ESA-2025-15 2025-08-28 vendor-advisory
    Elastic security bulletin ESA-2025-14 2025-08-28 vendor-advisory
    Elastic security bulletin ESA-2025-13 2025-08-28 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Elasticsearch versions 9.0.x ant\u00e9rieures \u00e0 9.0.6",
          "product": {
            "name": "Elasticsearch",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Enterprise Search versions 8.x ant\u00e9rieures \u00e0 8.18.6",
          "product": {
            "name": "Enterprise Search",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Enterprise Search versions 8.19.x ant\u00e9rieures \u00e0 8.19.3",
          "product": {
            "name": "Enterprise Search",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Elasticsearch versions 8.18.x ant\u00e9rieures \u00e0 8.18.6",
          "product": {
            "name": "Elasticsearch",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Elasticsearch versions 9.1.x ant\u00e9rieures \u00e0 9.1.3",
          "product": {
            "name": "Elasticsearch",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Elasticsearch versions 8.19.x ant\u00e9rieures \u00e0 8.19.3",
          "product": {
            "name": "Elasticsearch",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana versions 9.1.x ant\u00e9rieures \u00e0 9.1.3",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana versions 9.0.x ant\u00e9rieures \u00e0 9.0.6",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-54988",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
        },
        {
          "name": "CVE-2025-25010",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-25010"
        }
      ],
      "initial_release_date": "2025-08-29T00:00:00",
      "last_revision_date": "2025-08-29T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0738",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-08-29T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Elastic. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Elastic",
      "vendor_advisories": [
        {
          "published_at": "2025-08-28",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-15",
          "url": "https://discuss.elastic.co/t/enterprise-search-8-18-6-8-19-3-security-update-esa-2025-15-cve-2025-54988/381428"
        },
        {
          "published_at": "2025-08-28",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-14",
          "url": "https://discuss.elastic.co/t/elasticsearch-8-18-6-8-19-3-9-0-6-and-9-1-3-security-update-esa-2025-14-cve-2025-54988/381427"
        },
        {
          "published_at": "2025-08-28",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-13",
          "url": "https://discuss.elastic.co/t/kibana-9-0-6-9-1-3-security-update-esa-2025-13/381426"
        }
      ]
    }

    CERTFR-2025-AVI-0359

    Vulnerability from certfr_avis - Published: 2025-05-02 - Updated: 2025-05-02

    Multiple vulnerabilities have been discovered in Elastic products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a breach of data confidentiality.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Elastic Elasticsearch Elasticsearch versions prior to 7.17.25
    Elastic Kibana Kibana versions 7.17.x later than 7.14.6 and prior to 7.17.24
    Elastic APM Server APM Server versions 8.x prior to 8.16.1
    Elastic Elasticsearch Elasticsearch versions prior to 8.16.0
    Elastic Logstash Logstash versions 8.15.x prior to 8.15.3
    Elastic Elastic Agent Elastic Agent versions prior to 8.15.4
    Elastic Elastic Agent Elastic Agent versions prior to 7.17.25
    Elastic Kibana Kibana versions 8.x prior to 8.13.0
    References
    Elastic security bulletin ESA-2024-47 2025-05-01 vendor-advisory
    Elastic security bulletin ESA-2024-39 2025-05-01 vendor-advisory
    Elastic security bulletin ESA-2025-03 2025-05-01 vendor-advisory
    Elastic security bulletin ESA-2024-20 2025-05-01 vendor-advisory
    Elastic security bulletin ESA-2024-38 2025-05-01 vendor-advisory
    Elastic security bulletin ESA-2024-40 2025-05-01 vendor-advisory
    Elastic security bulletin ESA-2024-41 2025-05-01 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Elasticsearch versions ant\u00e9rieures \u00e0 7.17.25",
          "product": {
            "name": "Elasticsearch",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana versions 7.17.x post\u00e9rieures \u00e0 7.14.6 et ant\u00e9rieures \u00e0 7.17.24",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "APM Server versions 8.x ant\u00e9rieures \u00e0 8.16.1",
          "product": {
            "name": "APM Server",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Elasticsearch versions ant\u00e9rieures \u00e0 8.16.0",
          "product": {
            "name": "Elasticsearch",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Logstash versions 8.15.x ant\u00e9rieures \u00e0 8.15.3",
          "product": {
            "name": "Logstash",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Elastic Agent versions ant\u00e9rieures \u00e0 8.15.4",
          "product": {
            "name": "Elastic Agent",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Elastic Agent versions ant\u00e9rieures \u00e0 7.17.25",
          "product": {
            "name": "Elastic Agent",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana versions 8.x ant\u00e9rieures \u00e0 8.13.0",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-47561",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
        },
        {
          "name": "CVE-2023-46669",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-46669"
        },
        {
          "name": "CVE-2024-52979",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52979"
        },
        {
          "name": "CVE-2024-11994",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-11994"
        },
        {
          "name": "CVE-2024-11390",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-11390"
        },
        {
          "name": "CVE-2025-25016",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-25016"
        },
        {
          "name": "CVE-2024-52976",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52976"
        }
      ],
      "initial_release_date": "2025-05-02T00:00:00",
      "last_revision_date": "2025-05-02T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0359",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-05-02T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Elastic. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Elastic",
      "vendor_advisories": [
        {
          "published_at": "2025-05-01",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-47",
          "url": "https://discuss.elastic.co/t/kibana-7-17-19-and-8-13-0-security-update-esa-2024-47/377711"
        },
        {
          "published_at": "2025-05-01",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-39",
          "url": "https://discuss.elastic.co/t/elastic-agent-7-17-25-and-8-15-4-security-update-esa-2024-39/377708"
        },
        {
          "published_at": "2025-05-01",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-03",
          "url": "https://discuss.elastic.co/t/elastic-agent-elastic-endpoint-security-security-update-esa-2025-03/377706"
        },
        {
          "published_at": "2025-05-01",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-20",
          "url": "https://discuss.elastic.co/t/kibana-7-17-24-and-8-12-0-security-update-esa-2024-20/377712"
        },
        {
          "published_at": "2025-05-01",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-38",
          "url": "https://discuss.elastic.co/t/logstash-8-15-3-security-update-esa-2024-38/377707"
        },
        {
          "published_at": "2025-05-01",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-40",
          "url": "https://discuss.elastic.co/t/elasticsearch-7-17-25-and-8-16-0-security-update-esa-2024-40/377709"
        },
        {
          "published_at": "2025-05-01",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-41",
          "url": "https://discuss.elastic.co/t/apm-server-8-16-1-security-update-esa-2024-41/377710"
        }
      ]
    }

    CERTFR-2025-AVI-0298

    Vulnerability from certfr_avis - Published: 2025-04-09 - Updated: 2025-04-09

    Multiple vulnerabilities have been discovered in Elastic products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a breach of data confidentiality.

    Solutions

    Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

    Impacted products
    Vendor Product Description
    Elastic Kibana Kibana versions 8.17.x prior to 8.17.2
    Elastic Logstash Logstash versions prior to 8.15.3
    Elastic Elastic Defend Elastic Defend versions prior to 8.17.3
    Elastic Kibana Kibana versions 8.16.x prior to 8.16.4
    Elastic Kibana Kibana versions 7.17.x prior to 7.17.23
    Elastic Kibana Kibana versions 8.15.x prior to 8.15.1
    Elastic Elasticsearch Elasticsearch versions 8.15.x prior to 8.15.1
    Elastic Elasticsearch Elasticsearch versions 7.17.x prior to 7.17.24
    References
    Elastic security bulletin ESA-2024-37 2025-04-08 vendor-advisory
    Elastic security bulletin ESA-2025-02 2025-04-08 vendor-advisory
    Elastic security bulletin ESA-2024-35 2025-04-08 vendor-advisory
    Elastic security bulletin ESA-2024-34 2025-04-08 vendor-advisory
    Elastic security bulletin ESA-2025-05 2025-04-08 vendor-advisory
    Elastic security bulletin ESA-2024-48 2025-04-08 vendor-advisory
    Elastic security bulletin ESA-2024-36 2025-04-08 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Kibana versions 8.17.x ant\u00e9rieures \u00e0 8.17.2",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Logstash versions ant\u00e9rieures \u00e0 8.15.3",
          "product": {
            "name": "Logstash",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Elastic Defend versions ant\u00e9rieures \u00e0 8.17.3",
          "product": {
            "name": "Elastic Defend",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana versions 8.16.x ant\u00e9rieures \u00e0 8.16.4",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana versions 7.17.x ant\u00e9rieures \u00e0 7.17.23",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Kibana versions 8.15.x ant\u00e9rieures \u00e0 8.15.1",
          "product": {
            "name": "Kibana",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Elasticsearch versions 8.15.x ant\u00e9rieures \u00e0 8.15.1",
          "product": {
            "name": "Elasticsearch",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        },
        {
          "description": "Elasticsearch versions 7.17.x ant\u00e9rieures \u00e0 7.17.24",
          "product": {
            "name": "Elasticsearch",
            "vendor": {
              "name": "Elastic",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-12556",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-12556"
        },
        {
          "name": "CVE-2024-43380",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-43380"
        },
        {
          "name": "CVE-2024-52980",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52980"
        },
        {
          "name": "CVE-2025-25013",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-25013"
        },
        {
          "name": "CVE-2024-52974",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52974"
        },
        {
          "name": "CVE-2024-52981",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52981"
        },
        {
          "name": "CVE-2024-49761",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
        }
      ],
      "initial_release_date": "2025-04-09T00:00:00",
      "last_revision_date": "2025-04-09T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0298",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-04-09T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Elastic. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Elastic",
      "vendor_advisories": [
        {
          "published_at": "2025-04-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-37",
          "url": "https://discuss.elastic.co/t/elasticsearch-7-17-24-and-8-15-1-security-update-esa-2024-37/376924"
        },
        {
          "published_at": "2025-04-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-02",
          "url": "https://discuss.elastic.co/t/kibana-8-16-4-and-8-17-2-security-update-esa-2025-02/376918"
        },
        {
          "published_at": "2025-04-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-35",
          "url": "https://discuss.elastic.co/t/logstash-8-15-1-security-update-esa-2024-35/376920"
        },
        {
          "published_at": "2025-04-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-34",
          "url": "https://discuss.elastic.co/t/elasticsearch-8-15-1-security-update-esa-2024-34/376919"
        },
        {
          "published_at": "2025-04-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2025-05",
          "url": "https://discuss.elastic.co/t/elastic-defend-8-17-3-security-update-esa-2025-05/376921"
        },
        {
          "published_at": "2025-04-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-48",
          "url": "https://discuss.elastic.co/t/logstash-8-15-3-8-16-0-security-update-esa-2024-48/376922"
        },
        {
          "published_at": "2025-04-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2024-36",
          "url": "https://discuss.elastic.co/t/kibana-7-17-23-and-8-15-1-security-update-esa-2024-36/376923"
        }
      ]
    }