Elastic Elasticsearch vulnerabilities
51 known vulnerabilities affecting elastic/elasticsearch.
Total CVEs
51
CISA KEV
2
actively exploited
Public exploits
6
Exploited in wild
4
Severity breakdown
CRITICAL2HIGH20MEDIUM27LOW2
Vulnerabilities
Page 1 of 3
CVE-2015-1427P1CRITICALCVSS 9.8KEVPoCRansomwarefixed in 1.3.8≥ 1.4.0, < 1.4.32015-02-17
CVE-2015-1427 [CRITICAL] CVE-2015-1427: The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attac
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
nvdosv
CVE-2014-3120P1HIGHCVSS 8.1KEVPoCfixed in 1.2.02014-07-28
CVE-2014-3120 [HIGH] CWE-284 CVE-2014-3120: The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.
nvd
CVE-2015-5531P2MEDIUMCVSS 5.0ExploitedPoC≥ 0, < 1.7.3+dfsg-32015-08-17
CVE-2015-5531 [MEDIUM] CVE-2015-5531: Directory traversal vulnerability in Elasticsearch before 1
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
osv
CVE-2023-31419P2HIGHCVSS 7.5PoC≥ 7.0.0, ≤ 7.17.12≥ 8.0.0, ≤ 8.9.0+2 more2023-10-26
CVE-2023-31419 [HIGH] CWE-121 CVE-2023-31419: A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted q
A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.
nvd
CVE-2021-22145P2MEDIUMCVSS 6.5PoC≥ 7.10.0, ≤ 7.13.32021-07-21
CVE-2021-22145 [MEDIUM] CWE-200 CVE-2021-22145: A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting.
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information suc
nvd
CVE-2021-22146P2HIGHCVSS 7.5PoCv7.13.32021-07-21
CVE-2021-22146 [HIGH] CVE-2021-22146: All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default i
All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters. While in the default setting the anonymous user has no permissions and is unable to successfully query any Elasticsearch APIs, an attacker could leverage the anonymous user to gain insight into certain details of a deployed cluster.
nvd
CVE-2023-31418P3HIGHCVSS 7.5Exploited≤ 7.17.12≥ 8.0.0, ≤ 8.8.2+3 more2023-10-26
CVE-2023-31418 [HIGH] CWE-400 CVE-2023-31418: An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An
An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it
nvd
CVE-2015-5377P2CRITICALCVSS 9.8fixed in 1.6.12018-03-06
CVE-2015-5377 [CRITICAL] CVE-2015-5377: Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors
Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability
nvdosv
CVE-2020-7014P3HIGHCVSS 8.8≥ 6.7.0, ≤ 6.8.7≥ 7.0.0, ≤ 7.6.12020-06-03
CVE-2020-7014 [HIGH] CVE-2020-7014: The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication
nvd
CVE-2021-37937P3HIGHCVSS 8.8≥ 7.13.0, ≤ 7.14.0≥ 7.13.0, < 7.14.02023-11-22
CVE-2021-37937 [HIGH] CWE-269 CVE-2021-37937: An issue was found with how API keys are created with the Fleet-Server service account. When an API
An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account could escalate themselves to a super-user.
nvd
CVE-2020-7009P3HIGHCVSS 8.8≥ 6.7.0, < 6.8.8≥ 7.0.0, < 7.6.2+1 more2020-03-31
CVE-2020-7009 [HIGH] CWE-266 CVE-2020-7009: Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation
Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.
nvd
CVE-2015-4165P3HIGHCVSS 7.5≥ 0, < 1.7.3+dfsg-32017-08-09
CVE-2015-4165 [HIGH] CVE-2015-4165: The snapshot API in Elasticsearch before 1
The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execut
osv
CVE-2022-23712P3HIGHCVSS 7.5≥ 8.0.0, < 8.2.1vversions 8.0.0 through 8.2.02022-06-06
CVE-2022-23712 [HIGH] CWE-754 CVE-2022-23712: A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticat
A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request.
nvd
CVE-2018-3831P3HIGHCVSS 8.8≥ 5.6.0, < 5.6.12≥ 6.0.0, < 6.4.1+1 more2018-09-19
CVE-2018-3831 [HIGH] CWE-200 CVE-2018-3831: Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclos
Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This could allow an authenticated Elasticsearch user to impro
nvd
CVE-2019-7611P3HIGHCVSS 8.1fixed in 5.6.15≥ 6.0.0, < 6.6.1+1 more2019-03-25
CVE-2019-7611 [HIGH] CWE-284 CVE-2019-7611: A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Secu
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the acti
nvd
CVE-2025-37731P3HIGHCVSS 7.4≥ 7.0.0, ≤ 7.17.29≥ 8.0.0, < 8.19.8+5 more2025-12-15
CVE-2025-37731 [HIGH] CWE-287 CVE-2025-37731: Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially craf
Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority.
nvd
CVE-2024-43709P3HIGHCVSS 7.5≥ 7.17.0, < 7.17.21≥ 8.0.0, < 8.13.3+1 more2025-01-21
CVE-2024-43709 [HIGH] CWE-770 CVE-2024-43709: An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryE
An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.
nvd
CVE-2024-23451P3MEDIUMCVSS 6.5≥ 8.10.0, < 8.13.02024-03-27
CVE-2024-23451 [MEDIUM] CWE-863 CVE-2024-23451: Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security
Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to read arbitrary documents from any index on the remote
nvd
CVE-2023-46674P3HIGHCVSS 7.8fixed in 7.17.11≥ 8.0.0, < 8.9.02023-12-05
CVE-2023-46674 [HIGH] CWE-502 CVE-2023-46674: An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark
An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue.
nvd
CVE-2023-46673P3HIGHCVSS 7.5≥ 7.0.0, < 7.17.14≥ 8.0.0, < 8.10.32023-11-22
CVE-2023-46673 [HIGH] CWE-755 CVE-2023-46673: It was identified that malformed scripts used in the script processor of an Ingest Pipeline could ca
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.
nvd
1 / 3Next →