RSS   Podatności dla 'Enterprise search'   RSS

2021-12-07
 
CVE-2021-37940

CWE-918
 

 
An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly accessible.

 
2020-08-18
 
CVE-2020-7018

CWE-269
 

 
Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the ??�?�?developer??�?�? role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same permissions of the App Search administrator.

 

 >>> Vendor: Elastic 16 Produkty
Logstash
Elasticsearch
Kibana
X-pack
Kibana reporting
Azure repository
Apm-agent-ruby
Elastic cloud enterprise
Elasticsearch x-pack
Kibana x-pack
Logstash x-pack
Winlogbeat
Apm agent
Elastic cloud on kubernetes
Elastic app search
Enterprise search


Copyright 2024, cxsecurity.com

 

Back to Top