Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

maven org.elasticsearch:elasticsearch Security Advisories

Browse all Security Advisories for maven org.elasticsearch:elasticsearch

Loading...
Moderate
GSA_kwCzR0hTQS01djhmLXh4OW0td2o0NM4AA-S-
Elasticsearch stores private key on disk unencrypted
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0yaGpyLXZtZjMteHd2cM4AA-IR
Elasticsearch Insertion of Sensitive Information into Log File
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS00cTIyLTQyMmctbTRwas4AA9C9
Elasticsearch StackOverflow vulnerability
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS00YzdxLW03aGMtcGM5Ms4AA8-U
Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1wdzM5LWYzbTUtY3hmY84AA6b_
Elasticsearch Uncaught Exception leading to crash
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1yM2h4LXFmaDUtcjltN84AA6YJ
Elasticsearch Incorrect Authorization vulnerability
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS13NWdnLTJxNTYtNmg0Zs4AA6Xy
Elasticsearch Uncontrolled Resource Consumption vulnerability
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS0yODVtLXZoZnEteHg0aM4AA3TU
Elasticsearch Improper Handling of Exceptional Conditions
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS05OXBjLTY5cTktanhmMs4AA2uQ
Elasticsearch allows insertion of sensitive information into log files when using deprecated URIs
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yY3FmLTZ4djktZjIyd84AA2uM
Elasticsearch vulnerable to Uncontrolled Resource Consumption
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xd3J4LTQ1eGYtampmN84AA2uL
Elasticsearch vulnerable to stack overflow in the search API
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS13aDZ3LTY5eGMtNXJxNc4AAraK
Improper Check for Unusual or Exceptional Conditions in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ocjY1LXFxNnAtODdyNM4AAofW
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jcWd2LTI1NnItbTlyOM4AAngq
Insertion of Sensitive Information into Log File in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jNzdqLXA0ODQtaDg0bc4AAlqm
Improper privilege management in elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS1nZnY1LWdyeDItOWp3Ms4AAkGJ
Improper Privilege Management in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oeHA4LXI5ZzMtZ3Jmcs4AAijS
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qcW02LW0zajMtOGdnOc4AAhfR
Concurrent Execution using Shared Resource with Improper Synchronization in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14OHE4LTRocDUtNDYzd84AAdxO
Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04Njk5LW04NTUtY3dxZs4AAWFu
Cross-site scripting in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS13OTRwLTZtaHctNHF4d84AAWDl
Improper Access Control in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1maDV4LTRqNTctNnE1eM4AAWBg
Improper Access Control in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qanE4LXZmanEtajZ2NM4AAWAn
Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jY21yLXFqMjYtODQ1Z84AARKU
Improper Restriction of XML External Entity Reference in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12cHFtLTg4YzQteDRjds4AARKl
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tanBjLXF4N2gtcjhjOc4AARAH
Elasticsearch subject to cross site scripting
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1yOWZ2LXFwbTktcmo0Z84AAQl7
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1majMyLTZ2N20tNTdwZ832Tw
Improper Access Control in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wZ3E2LWNjcWotaHBxcs0v_A
Elasticsearch privilege escalation
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00NWg1LXI5NjgtNXhyN80Vxw
Exposure of sensitive information in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMzOTMtaHZyai13N3Yz
Denial of Service in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYyd3ctNHAzcC03Zmhq
API information disclosure flaw in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmdngtMmpqMy02bWZm
Insufficiently Protected Credentials in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhxcXYtOXgzdi1tcDd3
Privilege Escalation Flaw in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5ZnctOXg4Ny1ybXJq
Privilege Context Switching Error in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3dnYtNDM4ci1taHZq
Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: over 3 years ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 2
Ecosystems: 12
Filter by Package
org.jenkins-ci.main:jenkins-core 193 org.apache.tomcat:tomcat 132 com.fasterxml.jackson.core:jackson-databind 69 org.apache.struts:struts2-core 55 org.keycloak:keycloak-core 51 com.liferay.portal:release.portal.bom 46 org.apache.tomcat.embed:tomcat-embed-core 38 com.thoughtworks.xstream:xstream 37 org.xwiki.platform:xwiki-platform-oldcore 37 org.elasticsearch:elasticsearch 36 com.jfinal:jfinal 36 org.keycloak:keycloak-services 36 net.mingsoft:ms-mcms 35 io.undertow:undertow-core 34 org.jenkins-ci.plugins:script-security 33 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 org.springframework.security:spring-security-core 24 org.eclipse.jetty:jetty-server 24 org.bouncycastle:bcprov-jdk14 22 org.apache.openmeetings:openmeetings-parent 21 org.apache.nifi:nifi 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 org.springframework:spring-core 19 org.xwiki.platform:xwiki-platform-web-templates 19 com.liferay.portal:release.dxp.bom 18 com.vaadin:vaadin-bom 18 org.apache.geode:geode-core 17 org.apache.activemq:activemq-client 16 org.apache.jspwiki:jspwiki-main 16 org.bouncycastle:bcprov-jdk15 16 org.apache.dubbo:dubbo 16 org.apache.struts.xwork:xwork-core 15 org.xwiki.platform:xwiki-platform-web 14 org.apache.inlong:manager-pojo 14 org.apache.tomcat:tomcat-coyote 14 org.apache.cxf:cxf 13 org.apache.hadoop:hadoop-main 13 org.jenkins-ci.plugins.workflow:workflow-cps 13 org.bouncycastle:bcprov-jdk15on 12 org.apache.hadoop:hadoop-common 12 com.vaadin:flow-server 12 org.jenkins-ci.plugins:git 12 org.jeecgframework.boot:jeecg-boot-parent 12 org.apache.dolphinscheduler:dolphinscheduler 12 org.apache.ranger:ranger 11 org.jeecgframework.boot:jeecg-boot-common 11 org.jenkins-ci.plugins:email-ext 11 org.apache.jspwiki:jspwiki-war 11 org.apache.commons:commons-compress 11 org.springframework:spring-webmvc 11 org.igniterealtime.openfire:parent 11 org.apache.cxf:cxf-core 11 org.apache.camel:camel-core 11 com.xuxueli:xxl-job 11 org.apache.james:james-server 11 org.mortbay.jetty:jetty 11 org.apache.tika:tika-core 11 org.jboss.netty:netty 10 org.apache.tomcat:tomcat-catalina 10 org.springframework:spring-web 10 org.apache.inlong:manager-service 10 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 10 org.xwiki.platform:xwiki-platform-administration-ui 10 io.netty:netty 10 org.jenkins-ci.plugins:active-directory 9 org.jenkins-ci.plugins:electricflow 9 org.opencrx:opencrx-core-models 9 org.apache.kylin:kylin 9 org.apache.xmlgraphics:batik 9 org.opennms:opennms 9 com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer 9 org.apache.tapestry:tapestry-core 9 org.bouncycastle:bcprov-jdk15to18 9 org.opencms:opencms-core 9 cn.hutool:hutool-core 9 org.craftercms:crafter-studio 9 twbs/bootstrap 9 org.apache.shiro:shiro-core 9 bootstrap 9 org.apache.hive:hive 9 org.webjars:bootstrap 9 org.apache.archiva:archiva 9 bootstrap 9 bootstrap 9 org.apache.linkis:linkis 9 org.jenkins-ci.plugins:config-file-provider 9 io.jenkins:configuration-as-code 9 org.postgresql:postgresql 8 org.jenkins-ci.plugins:ec2 8 org.apache.santuario:xmlsec 8 org.apache.pdfbox:pdfbox 8 org.apache.ambari:ambari 8 io.jenkins.blueocean:blueocean 8 org.graylog2:graylog2-server 8 org.apache.hive:hive-exec 8 org.apache.ozone:ozone-main 8 pyspark 8 org.yaml:snakeyaml 8 org.webjars.npm:jquery 8 org.apache.zeppelin:zeppelin 8 jquery-rails 8 jquery 8 mysql:mysql-connector-java 8 com.hazelcast:hazelcast 8 org.apache.activemq:activemq-parent 7 org.apache.logging.log4j:log4j-core 7 org.apache.inlong:manager-web 7 net.opentsdb:opentsdb 7 io.atomix:atomix 7 bootstrap.sass 7 bootstrap-sass 7 org.apache.poi:poi 7 org.owasp.esapi:esapi 7 io.jenkins.plugins:miniorange-saml-sp 7 org.jenkins-ci.plugins:subversion 7 org.jenkins-ci.plugins:rundeck 7 org.jenkins-ci.plugins:oic-auth 7 jQuery.UI.Combined 7 org.jenkins-ci.plugins:artifactory 7 org.webjars.npm:jquery-ui 7 org.apache.cxf:apache-cxf 7 jquery-ui-rails 7 jquery-ui 7 org.silverpeas.core:silverpeas-core-web 7 org.apache.spark:spark-core_2.11 7 org.jeecgframework.boot:jeecg-boot-base 7 org.apache.hive:hive-service 7 io.jenkins.plugins:warnings-ng 7 org.jenkins-ci.plugins:jobConfigHistory 7 rubygems-update 7 org.jruby:jruby-stdlib 7 io.jenkins.plugins:cavisson-ns-nd-integration 7 org.apache.derby:derby 7 io.dataease:dataease-plugin-common 7 jQuery 7 org.apache.karaf:apache-karaf 7 org.owasp.antisamy:antisamy 7 org.jboss.resteasy:resteasy-client 7 org.apache.atlas:atlas-common 7 org.apache.tika:tika 7 org.jenkins-ci.plugins:mercurial 7 org.jenkins-ci.plugins:openshift-deployer 7 org.apache.spark:spark-core_2.10 6 org.apache.shenyu:shenyu-common 6 org.apache.axis:axis 6 axis:axis 6 org.apache.httpcomponents:httpclient 6 org.apache.syncope:syncope-core 6 com.xebialabs.deployit.ci:deployit-plugin 6 org.jenkins-ci.plugins:azure-vm-agents 6 io.netty:netty-handler 6 com.google.protobuf:protobuf-java 6 org.csanchez.jenkins.plugins:kubernetes 6 io.netty:netty-codec-http 6 org.opencastproject:opencast-kernel 6 com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger 6 de.tum.in.ase:artemis-java-test-sandbox 6 org.apache.mesos:mesos 6 org.jenkins-ci.plugins:pipeline-maven 6 hudson.plugins:project-inheritance 6 org.apache.storm:storm-core 6 com.jflyfox:jflyfox_jfinal 6 org.jenkins-ci.plugins:repository-connector 6 org.jenkins-ci.plugins:ec2-deployment-dashboard 6 org.apache.pulsar:pulsar-broker 6 org.apache.solr:solr-parent 6 org.xwiki.commons:xwiki-commons-xml 6 tech.powerjob:powerjob 6 org.apache.druid:druid 6 cn.hutool:hutool-json 6 org.apache.struts:struts2-rest-plugin 6 org.infinispan:infinispan-core 6 org.opensearch.plugin:opensearch-security 6 commons-fileupload:commons-fileupload 6 org.jenkins-ci.plugins:gitlab-oauth 6 org.bouncycastle:bcprov-jdk18on 6 org.jenkins-ci.plugins:fortify-on-demand-uploader 6 org.jenkins-ci.plugins:matrix-project 5 com.vaadin:vaadin-server 5 org.jenkins-ci.plugins:junit 5 org.jenkins-ci.plugins:fortify 5 com.xuxueli:xxl-job-core 5 org.apache.ignite:ignite-core 5 info.magnolia:magnolia-core 5 org.apache.hadoop:hadoop-client 5 org.jenkins-ci.plugins:sinatra-chef-builder 5 org.jenkinsci.plugins:octoperf 5 org.jenkins-ci.plugins:google-login 5 org.apache.streampark:streampark 5 org.jboss.resteasy:resteasy-bom 5 io.vertx:vertx-web 5 com.synopsys.jenkinsci:ownership 5 org.apache.zeppelin:zeppelin-server 5 com.alibaba:dubbo 5 org.apache.zookeeper:zookeeper 5 org.apache.cassandra:cassandra-all 5 org.jenkins-ci.plugins:google-compute-engine 5 org.jenkins-ci.plugins:azure-ad 5 org.apache.inlong:manager-dao 5