Description:
Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a CSRF attack.
We have been assigned CVE 2015-8131 for this issue.
CVSS Score: 4.0
Remediation:
We recommend that all Kibana users upgrade to either 4.1.3, 4.2.1, or a later
version.
Confirmation:
We have publish
Summary:
Elasticsearch versions 1.0.0 - 1.5.2 are vulnerable to an engineered attack on
other applications on the system. The snapshot API may be used indirectly to
place snapshot metadata files into locations that are writeable by the user
running the Elasticsearch process. It is possible to
Summary:
Elasticsearch versions prior to 1.6.1 are vulnerable to an engineered attack on
its transport protocol that enables remote code execution. This issue is
related to the Groovy announcement in CVE-2015-3253.
Deployments are vulnerable even when Groovy dynamic scripting is disabled.
Summary:
Logstash 1.5.2 and prior versions are vulnerable to an SSL/TLS security issue
called the FREAK attack. If you are using the Lumberjack input, FREAK allows an
attacker to successfully implement a man-in-the-middle attack, intercepting
communication between the Logstash Forwarder agent an
Summary:
Elasticsearch versions from 1.0.0 to 1.6.0 are vulnerable to a directory
traversal attack that allows an attacker to retrieve files that are readable by
the Elasticsearch JVM process.
We have been assigned CVE-2015-5531 for this issue.
Fixed versions:
Versions 1.6.1 and 1.7.0 addres
Summary:
Kibana versions 4.0.0, 4.0.1 and 4.0.2 are vulnerable to a cross-site scripting
(XSS) attack. The attack allows execution of arbitrary JavaScript in the
context of the user’s browser.
We have been assigned CVE-2015-4093 for this issue.
Fixed versions:
Versions 4.0.3 and 4.1.0 have a
Summary:
Logstash versions 1.4.2 and prior are vulnerable to a directory traversal
attack that allows an attacker to overwrite files on the server running
Logstash. This vulnerability is not present in the initial installation of
Logstash. The vulnerability is exposed when the file output plu
Summary:
All Elasticsearch versions prior to 1.5.2 and 1.4.5 are vulnerable to a
directory traversal attack that allows an attacker to retrieve files from the
server running Elasticsearch. This vulnerability is not present in the
initial installation of Elasticsearch. The vulnerability is exp
Summary:
Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the
Groovy scripting engine. The vulnerabilities allow an attacker to construct
Groovy scripts that escape the sandbox and execute shell commands as the user
running the Elasticsearch Java VM.
We have been as