Security
Voltar para Security Alert
- [LES] Elastic's Response to Log4j Exploit (CVE-2021-44228)
- Alerta de Segurança do Jenkins 2024-01-24: CVE-2024-23897
- ClamAV HFS+ Alerta de Segurança: CVE-2023-20032
- Dec 16 Liferay’s Update about Log4j vulnerabilities CVE-2021-4104, CVE-2021-44228 and CVE-2021-45046
- Dec 18 Liferay’s Update about Log4j CVE-2021-45105
- Delayed: Disabling TLS 1.0 for Inbound Traffic on Liferay Services and Websites
- Disabling TLS 1.0 for Inbound Traffic on Liferay Services and Websites
- Elasticsearch and Liferay Enterprise Search Security Advisory: 2018 November
- Elasticsearch and Liferay Enterprise Search Security Advisory: April 2, 2020
- Elasticsearch and Liferay Enterprise Search Security Advisory: April 28, 2021
- Elasticsearch and Liferay Enterprise Search Security Advisory: April 7, 2021
- Elasticsearch and Liferay Enterprise Search Security Advisory: August 23, 2021
- Elasticsearch and Liferay Enterprise Search Security Advisory: August 5, 2020
- Elasticsearch and Liferay Enterprise Search Security Advisory: Dec 11, 2021 (Log4j2, CVE-2021-44228, CVE-2021-45046,CVE-2021-45105)
- Elasticsearch and Liferay Enterprise Search Security Advisory: February 2019
- Elasticsearch and Liferay Enterprise Search Security Advisory: January 15, 2021
- Elasticsearch and Liferay Enterprise Search Security Advisory: January 16, 2020
- Elasticsearch and Liferay Enterprise Search Security Advisory: July 12, 2021
- Elasticsearch and Liferay Enterprise Search Security Advisory: July 23, 2021
- Elasticsearch and Liferay Enterprise Search Security Advisory: June 2, 2021
- Elasticsearch and Liferay Enterprise Search Security Advisory: June 4, 2020
- Elasticsearch and Liferay Enterprise Search Security Advisory: March 2020
- Elasticsearch and Liferay Enterprise Search Security Advisory: March 9, 2021
- Elasticsearch and Liferay Enterprise Search Security Advisory: Nov 12, 2021
- Elasticsearch and Liferay Enterprise Search Security Advisory: October 2019
- Elasticsearch and Liferay Enterprise Search Security Advisory: October 22, 2020
- Elasticsearch and Liferay Enterprise Search Security Advisory: Sept 2, 2021
- Elasticsearch and Liferay Enterprise Search Security Advisory: September 2, 2020
- Elastic Security Statement for CVE-2024-3094, xz versions 5.6.0 and 5.6.1
- Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2022-1364
- Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2022-23707
- Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2022-23708, CVE-2022-23709, CVE-2022-23710
- Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2022-23711
- Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2022-23713
- Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2022-38779
- Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2022-38900
- Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2023-1370
- Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2023-31414, CVE-2023-31415, CVE-2023-26486, CVE-2023-26487
- Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2023-31417
- Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2023-31418, CVE-2023-31419, CVE-2023-31422
- Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2023-46671, CVE-2023-46673
- Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2023-46675, CVE-2023-49921
- Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2024-12539
- Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2024-12556, CVE-2024-52974, CVE-2024-52980, CVE-2024-52981
- Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2024-23445, CVE-2024-37279, CVE-2024-37280, CVE-2024-23442, CVE-2024-23443, CVE-2024-2887, CVE-2024-37281, CVE-2024-37287, CVE-2024-23444
- Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2024-23446, CVE-2023-7024
- Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2024-23449
- Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2024-23450
- Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2024-37285, CVE-2024-37288
- Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2024-43706, CVE-2025-2135, CVE-2025-25012 (Kibana)
- Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2024-43709, CVE-2024-52973, CVE-2024-43710, CVE-2024-43707, CVE-2024-52972, CVE-2024-43708
- Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2025-25012
- Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2025-25014, CVE-2024-52979, CVE-2024-11390, CVE-2025-25016
- Elastic Stack and Liferay Enterprise Search Security Advisory: Security Statement for OpenSSL CVE-2022-3786 and CVE-2022-3602, OpenSSL version 3.0.7
- Elastic Stack and Liferay Enterprise Search Security Advisory: Security Statement for Oracle July Critical Patch Update CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-25647, CVE-2022-34169
- Elastic Stack and Liferay Enterprise Search Security Advisory: Security Statement regarding CVE-2022-1471
- Follow-Up Security Alert for LSV-412 and LSV-545
- Liferay Cloud Security Alert: June 2019
- Liferay Enterprise Search Support Alert: Action Required by June 24 2019
- Liferay SaaS Security Alert: March 2020
- Liferay Security Alert: 2018 August
- Liferay Security Alert: 2019 January
- Liferay Security Alert: 2019 June
- Liferay Security Alert: 2019 November
- Liferay Security Alert: 2019 October
- Liferay Security Alert: 2020 February
- Liferay Security Alert: 2020 July
- Liferay Security Alert: 2020 March
- Liferay Security Alert: 2020 May
- Liferay Security Alert: 2021 April
- Liferay Security Alert: 2022 April
- Liferay Security Alert: December 2018
- Liferay Security Alert for Liferay DXP
- Liferay’s Statement about CVE-2021-44228 (Log4j vulnerability)
- Liferay’s Statement about recent Log4j vulnerabilities
- Reminder: Follow-Up Security Alert for LSV-412 and LSV-545
- Spring4Shell and Spring Cloud Security Advisory
- TLS 1.0 Disabled for Inbound Traffic on Liferay Services and Websites
- Update: Log4j Security Advisory
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2022-1364
The following issues may affect the functionality of your Liferay DXP, Liferay Enterprise Search environment and your Elastic Stack.
Vulnerability Information
Kibana reporting vulnerability (ESA-2022-12)
A type confusion vulnerability was discovered in the headless Chromium browser that Kibana relies on for its reporting capabilities.
This issue affects only on-premises Kibana installations on host Operating Systems where Chromium sandbox is disabled 8 (only CentOS, Debian).
This issue does not affect Elastic Cloud, as the Chromium sandbox is enabled by default and cannot be disabled.
Affected Versions:
Kibana versions 7.0.0 through 7.17.7 and 8.0.0 through 8.4.3
Solutions and Mitigations:
The issue is fixed in Kibana versions 8.5.0 and 7.17.8.
If you are unable to upgrade, you can:
- Disable Kibana reporting functionality completely with
xpack.reporting.enabled: falsein your kibana.yml file
CVSSv3.1: 8.8 (High) AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE ID: CVE-2022-1364
Search Engine Compatibility Matrix
Reference the information here for the detailed Elasticsearch compatibility including the compatible connector versions and required patch levels.
Source
https://discuss.elastic.co/t/7-17-8-8-5-0-security-update/320920/1
Elastic, Elasticsearch, and X-Pack are trademarks of Elasticsearch BV, registered in the U.S. and in other countries.
On this page