Elasticsearch Vulnerability Patches

vikas_gopal · July 5, 2018, 1:21pm

Hi Experts ,

I was checking below document
https://www.elastic.co/community/security

Here I saw Vulnerability Summary along with the Remediation. Generally it asks to upgrade to 6.X or to the latest release . My concern here is what if I am not in position to upgrade my entire stack can this CVE be separately installed as a patch ?

Just for an example CVE-2018-3827 is really important in my case but as a remediation I need to upgrade to 6.3 . Is there any other alternate ?

Regrads
Vikas

ikakavas · July 13, 2018, 1:17pm

Hello @vikas_gopal,

Thank you for raising this. The aforementioned issue is also fixed in 5.6.10, we will make sure to update our notes.

system · August 10, 2018, 1:17pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Discuss: Security Vulnerabilities: ESA-2023-14 - CVE-2023-31419 Elasticsearch	3	683	January 4, 2024
Will there be a new release of 6.x version mitigating CVE-2020-7018 Elastic Search	2	617	November 4, 2022
Vulnerability CVE-2020-13956 reported on Elasticsearch 7.17.4 Elasticsearch	5	342	July 18, 2022
Security update associated with CVE-2023-31418 has confusing wording Elasticsearch	2	458	December 29, 2023
Elasticsearch 1.4.3 and 1.3.8 Release (including CVE) Elasticsearch	1	356	July 6, 2017

Elasticsearch Vulnerability Patches

Related topics