products / elasticsearch
Elasticsearch
Elasticsearch is Elastic's distributed search and analytics engine. NVD uses elastic:elasticsearch with standard dotted stack versions (7.x, 8.x).
api usage
Querying Elasticsearch
product slug
elasticsearchversion format
7.13.3, 8.11.1bash
curl "https://api.attestd.io/v1/check?product=elasticsearch&version=7.13.3" \
-H "Authorization: Bearer $ATTESTD_KEY"Spot-check CVE-2021-22145 (information disclosure). Replace JSON with your live /v1/check output.
json
{
"product": "elasticsearch",
"version": "7.13.3",
"supported": true,
"risk_state": "high",
"risk_factors": ["remote_exploitable", "patch_available"],
"actively_exploited": false,
"remote_exploitable": true,
"authentication_required": false,
"patch_available": true,
"fixed_version": "7.13.4",
"confidence": 0.86,
"cve_ids": ["CVE-2021-22145"],
"last_updated": "2026-04-03T00:00:00Z"
}cleaner line
Newer release
bash
curl "https://api.attestd.io/v1/check?product=elasticsearch&version=8.15.0" \
-H "Authorization: Bearer $ATTESTD_KEY"notable cves
CVE history
| CVE | Description | Affects | CVSS |
|---|---|---|---|
CVE-2021-22145 | Document and field disclosure via Elasticsearch APIs under specific index settings. | 7.x (see NVD) | 7.5 |
CVE-2021-22144 | Document ranking / scoring issue leading to information exposure. | 7.10–7.13 | 5.3 |
CVE-2020-7009 | TLS hostname verification bypass in monitoring features. | 7.4–7.6 | 7.4 |
CVE-2019-7614 | Privilege escalation in Elasticsearch security realms. | 6.7, 7.0 | 8.8 |
CVE-2024-23444 | Elasticsearch stack vulnerability (verify NVD for exact ranges). | see NVD | 6.5 |
related