Some vulnerabilities in Elasticsearch v7.10.0 x-pack, Elasticsearch sql cli 7.10.0, plugin cli, security cli

Sagarika_Mahalik · December 22, 2021, 10:58pm

Hi,

There are some Vulnerabilities in Elasticsearch 7.10.0 version.
Some vulnerabilities in Elasticsearch v7.10.0 x-pack, Elasticsearch sql cli 7.10.0, plugin cli, security cli.

While installing Elasticsearch all of the above modules like x-pack-core, x-pack-security, x-pack-ml, x-pack-watcher, Elasticsearch sql cli 7.10.0, plugin cli, security cli also getting installed which shows some Vulnerabilities.

Is there a way to remove these package if they are not used in project or any way we can upgrade these components?

These are the Vulnerabilities links:
NVD - CVE-2020-13956
NVD - CVE-2021-40690
NVD - CVE-2020-15522
NVD - CVE-2018-1000613
NVD - CVE-2020-28052
NVD - CVE-2020-15522
NVD - CVE-2019-7611

Thanks

Christian_Dahlqvist · December 24, 2021, 5:30am

I would recommend you upgrade to version 7.16.2 and check there.

system · January 21, 2022, 5:30am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Some vulnerabilities in Elasticsearch v7.16.3 x-pack, Elasticsearch sql cli 7.16.3, plugin cli, security cli Elasticsearch	4	264	April 20, 2022
Some vulnerabilities in Elasticsearch v7.10.0 Elasticsearch	3	516	December 10, 2021
Elasticseach JDK and sql-cli vulnerability mitigation Elasticsearch	3	221	June 30, 2022
CVEs present in the latest version Elasticsearch	2	461	June 6, 2023
Expected resolution for some vulnerabilities found Elasticsearch elastic-stack-security	1	42	November 9, 2024

Some vulnerabilities in Elasticsearch v7.10.0 x-pack, Elasticsearch sql cli 7.10.0, plugin cli, security cli

Related topics