Elastic Program Statistics

View program

7 total issues disclosed

$23,344 total paid publicly

Most disclosed (1 disclosures) — Cross-site Scripting (XSS) - DOM

Disclosed Reports

Report Title Vulnerability Type Disclosed By Severity Disclosed on
Fix for CVE-2021-22151 (Kibana path traversal issue) can be bypassed on Windows Path Traversal dee-see Low 2021-11-15
CVE-2021-40870 on [52.204.160.31] Code Injection fdeleite Critical 2021-10-06
Critical || Unrestricted access to private Github repos and properties of Elastic through leaked token of Elastic employee Cleartext Storage of Sensitive Information prateek_0490 Critical 2021-09-01
Prototype Pollution leads to XSS on https://blog.swiftype.com/#__proto__[asd]=alert(document.domain) Cross-site Scripting (XSS) - DOM s1r1u5 High 2021-08-16
Improper authorization on `/api/as/v1/credentials/` for Dev Role User with Limited Engine Access Improper Access Control - Generic superman85 High 2021-08-03
[Swiftype] - Stored XSS via document field `url` triggers on `https://app.swiftype.com/engines/<engine>/document_types/<type>/documents/<id>` Cross-site Scripting (XSS) - Stored superman85 High 2021-08-03
RCE hazard in reporting (via Chromium) Privilege Escalation alexbrasetvik Critical 2021-05-26