Elastic

Elasticsearch

46 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.14%
  • Published 18.12.2025 22:17:41
  • Last modified 23.12.2025 17:44:51

Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of memory and a denial of service (DoS) via crafted HTTP reques...

  • EPSS 0.05%
  • Published 18.12.2025 22:04:50
  • Last modified 23.12.2025 17:45:41

Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) causing a persistent denial of service (OOM crash) via submission of oversized use...

  • EPSS 0.03%
  • Published 15.12.2025 10:42:21
  • Last modified 18.12.2025 01:49:07

Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority.

  • EPSS 0.04%
  • Published 10.10.2025 09:56:15
  • Last modified 23.12.2025 17:39:24

Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex

  • EPSS 0.08%
  • Published 01.05.2025 13:13:07
  • Last modified 02.10.2025 16:40:31

Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash.

  • EPSS 0.31%
  • Published 08.04.2025 16:54:16
  • Last modified 02.10.2025 15:33:30

An issue was discovered in Elasticsearch, where a large recursion using the Well-Known Text formatted string with nested GeometryCollection objects could cause a stack overflow.

  • EPSS 0.27%
  • Published 08.04.2025 16:43:41
  • Last modified 30.09.2025 21:35:59

A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have read_pipelin...

  • EPSS 0.52%
  • Published 21.01.2025 11:15:09
  • Last modified 21.02.2025 18:15:16

An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.

  • EPSS 0.34%
  • Published 17.12.2024 21:15:07
  • Last modified 04.02.2025 15:16:44

An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow.

  • EPSS 1.22%
  • Published 31.07.2024 18:15:11
  • Last modified 04.02.2025 15:16:17

It was discovered by Elastic engineering that when the elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Request, the associated private key that is generated is stored on disk unencrypted even if t...