Search-guard Search Guard — known CVE vulnerabilities
Every CVE whose affected-product data names Search-guard Search Guard, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2019-13423 — CVSS 8.8 (high): Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as…
CVE-2019-13419 — CVSS 7.5 (high): Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked.
CVE-2019-13418 — CVSS 7.5 (high): Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized.
CVE-2019-13415 — CVSS 6.5 (medium): Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to…
CVE-2019-13416 — CVSS 6.5 (medium): Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on…
CVE-2019-13422 — CVSS 6.1 (medium): Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially…
CVE-2018-20698 — CVSS 6.1 (medium): The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set.
CVE-2019-13420 — CVSS 5.9 (medium): Search Guard versions before 21.0 had an timing side channel issue when using the internal user database.
CVE-2019-13417 — CVSS 5.3 (medium): Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not…
CVE-2019-13421 — CVSS 4.9 (medium): Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users…