Seeking Acknowledgement on Multiple Vulnerability Reports

skraft9 · June 28, 2025, 4:56pm

I submitted multiple security vulnerability reports affecting Elastic software in April 2025.

As of today, I have not received any acknowledgment from Elastic regarding the submissions.

For internal reference, the ServiceNow case is SEC0003547.

skraft9 · June 28, 2025, 5:24pm

I understand product security issues aren’t handled here. However, I’ve already contacted security@elastic.co and have not received any response.

I’m requesting internal escalation to ensure the security team is aware and can respond accordingly. Please escalate this matter.

Levine · June 28, 2025, 7:19pm

Hello @skraft9,
We are aware of the bug bounty reports and we will respond there.
Thank you for your patience.
-Brian Leviine
Director Product Security | Elastic

Topic		Replies	Views
Expected resolution for some vulnerabilities found Elasticsearch elastic-stack-security	1	135	November 9, 2024
ELK Security Kibana	6	152	August 26, 2024
Impact of CVE-2022-42889 on Elastic stack Elasticsearch	5	2401	November 21, 2022
CVE-2022-1471 Still Applicable in latest 7.* and 8. *, not listed on Security Issues Page Endpoint Security elastic-stack-security	4	968	October 12, 2023
Http security header not detected vulnerability Kibana	3	466	March 22, 2022

Seeking Acknowledgement on Multiple Vulnerability Reports

Related topics