pkg:Bitnami/elasticsearch

37 total CVEs: HIGH 6, MEDIUM 29, LOW 1

All known vulnerabilities

  • HIGH 8.8 CVE-2021-37937 Elasticsearch privilege escalation
    >= 7.13.0, < 7.14.1
  • HIGH 8.8 CVE-2020-7009 Improper Privilege Management in Elasticsearch
    >= 6.7.0, < 6.8.8, >= 7.0.0, < 7.6.2
  • HIGH 8.8 CVE-2020-7014 Privilege Escalation Flaw in Elasticsearch
    >= 6.7.0, < 6.8.8, >= 7.0.0, < 7.6.2
  • HIGH 7.5 CVE-2021-22146 All versions of Elastic Cloud Enterprise have the Elasticsearch “anonymous” user enabled by default in deployed clusters.
    >= 7.13.3, < 7.13.4
  • HIGH 7.5 CVE-2023-31418 Elasticsearch vulnerable to Uncontrolled Resource Consumption
    from 0, < 7.17.13, >= 8.0.0, < 8.8.3
  • HIGH 7.5 CVE-2022-23712 Improper Check for Unusual or Exceptional Conditions in Elasticsearch
    >= 8.0.0, < 8.2.1
  • MEDIUM 6.8 CVE-2025-37731 Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates
    from 0, < 8.19.8, >= 9.0.0, < 9.1.8, >= 9.2.0, < 9.2.2
  • MEDIUM 6.5 CVE-2025-68384 Elasticsearch has Excessive Allocation of Resources via Submission of Oversized User Settings Data
    from 0, < 8.19.9, >= 9.0.0, < 9.1.9, >= 9.2.0, < 9.2.3
  • MEDIUM 6.5 CVE-2024-52979 Elasticsearch Uncontrolled Resource Consumption vulnerability
    >= 7.17.0, < 7.17.25, >= 8.0.0, < 8.16.0
  • MEDIUM 6.5 CVE-2024-52980 Elasticsearch Potential Node Crash due to Large Recursion in `innerForbidCircularReferences` Function
    >= 7.17.0, < 8.15.1
  • MEDIUM 6.5 CVE-2024-43709 Elasticsearch allocation of resources without limits or throttling leads to crash
    >= 7.17.0, < 7.17.21, >= 8.0.0, < 8.13.3
  • MEDIUM 6.5 CVE-2024-23445 Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions
    >= 8.10.0, < 8.14.0
  • MEDIUM 6.5 CVE-2023-46673 Elasticsearch Improper Handling of Exceptional Conditions
    >= 7.0.0, < 7.17.14, >= 8.0.0, < 8.10.3
  • MEDIUM 6.5 CVE-2023-31419 Elasticsearch StackOverflow vulnerability
    >= 7.0.0, < 7.17.13, >= 8.0.0, < 8.9.1
  • MEDIUM 6.5 CVE-2021-22145 Generation of Error Message Containing Sensitive Information in Elasticsearch
    >= 7.10.0, < 7.13.4
  • MEDIUM 6.5 CVE-2020-7019 Improper privilege management in Elasticsearch
    from 0, < 6.8.12, >= 7.0.0, < 7.9.0
  • MEDIUM 6.5 CVE-2021-22147 Exposure of sensitive information in Elasticsearch
    >= 7.11.0, < 7.14.0
  • MEDIUM 6.0 CVE-2023-46674 Elasticsearch-hadoop Unsafe Deserialization
    from 0, < 7.17.11, >= 8.0.0, < 8.9.0
  • MEDIUM 5.7 CVE-2025-37727 Elasticsearch: Insertion of Sensitive Information into Log File via reindex API
    from 0, < 8.18.8, >= 8.19.0, < 8.19.5, >= 9.0.0, < 9.0.8, >= 9.1.0, < 9.1.5
  • MEDIUM 5.7 CVE-2021-22144 Denial of Service in Elasticsearch
    from 0, < 6.8.17, >= 7.0.0, < 7.13.3
  • MEDIUM 5.3 CVE-2021-22137 Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
    from 0, < 6.8.15, >= 7.11.0, < 7.11.2
  • MEDIUM 5.3 CVE-2021-22135 API information disclosure flaw in Elasticsearch
    from 0, < 6.8.15, >= 7.11.0, < 7.11.2
  • MEDIUM 5.2 CVE-2023-49921 Elasticsearch Insertion of Sensitive Information into Log File
    >= 7.0.0, < 7.17.16, >= 8.0.0, < 8.11.2
  • MEDIUM 4.9 CVE-2025-68390 Elasticsearch privileged authenticated users can cause DoS through Excessive Resource Allocation
    from 0, < 8.19.8, >= 9.0.0, < 9.1.8, >= 9.2.0, < 9.2.2
  • MEDIUM 4.9 CVE-2024-52981 Elasticsearch Vulnerable to Stack Overflow due to a Large Recursion
    >= 7.17.0, < 7.17.24, >= 8.0.0, < 8.15.1
  • MEDIUM 4.9 CVE-2024-23444 Elasticsearch stores private key on disk unencrypted
    >= 7.0.0, < 7.17.23, >= 8.0.0, < 8.13.0
  • MEDIUM 4.9 CVE-2024-37280 Elasticsearch StackOverflow vulnerability
    >= 8.13.1, < 8.14.0
  • MEDIUM 4.9 CVE-2024-23450 Elasticsearch Uncontrolled Resource Consumption vulnerability
    >= 7.0.0, < 7.17.19, >= 8.0.0, < 8.13.0
  • MEDIUM 4.9 CVE-2020-7021 Insertion of Sensitive Information into Log File in Elasticsearch
    from 0, < 6.8.14, >= 7.0.0, < 7.10.0
  • MEDIUM 4.8 CVE-2021-22132 Insufficiently Protected Credentials in Elasticsearch
    >= 7.7.0, < 7.10.2
  • MEDIUM 4.4 CVE-2024-23451 Elasticsearch Incorrect Authorization vulnerability
    >= 8.10.0, < 8.13.0
  • MEDIUM 4.3 CVE-2024-23449 Elasticsearch Uncaught Exception leading to crash
    >= 8.4.0, < 8.11.1
  • MEDIUM 4.3 CVE-2022-23708 Elasticsearch privilege escalation
    >= 7.16.0, < 7.17.1
  • MEDIUM 4.3 CVE-2021-22134 Exposure of Sensitive Information to an Unauthorized Actor
    >= 7.6.0, < 7.11.1
  • MEDIUM 4.1 CVE-2023-31417 Elasticsearch Insertion of sensitive information in audit logs
    >= 7.0.0, < 7.17.13, >= 8.0.0, < 8.9.2
  • LOW 3.1 CVE-2020-7020 Privilege Context Switching Error in Elasticsearch
    from 0, < 6.8.13, >= 7.0.0, < 7.9.2
  • CVE-2024-12539 Elasticsearch Incorrect Authorization vulnerability
    >= 8.16.0, < 8.17.0