Latest elastic kibana Vulnerabilities

CVE-2024-23446
Kibana Broken Access Control issue
Elastic Kibana>=8.0.0<8.12.1
CVE-2023-46675
Kibana Insertion of Sensitive Information into Log File
Elastic Kibana>=7.13.0<7.17.16
Elastic Kibana>=8.0.0<8.11.2
CVE-2023-46671
Kibana Insertion of Sensitive Information into Log File
Elastic Kibana>=8.0.0<8.11.1
CVE-2021-22142
Kibana Reporting vulnerabilities
Elastic Kibana>=7.0.0<7.13.0
CVE-2021-22151
Kibana path traversal issue
Elastic Kibana>=7.9.0<=7.14.0
CVE-2021-22150
Kibana code execution issue
Elastic Kibana>=7.10.2<7.14.1
CVE-2023-31422
Kibana Insertion of Sensitive Information into Log File
Elastic Kibana=8.10.0
CVE-2023-31414
Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execut...
Elastic Kibana>=8.0.0<=8.7.0
CVE-2023-31415
Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This...
Elastic Kibana=8.7.0
CVE-2022-38779
An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
Elastic Kibana>=7.0.0<7.17.9
Elastic Kibana>=8.0.0<8.6.2
CVE-2022-38778
A flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process.
Decode-uri-component Project Decode-uri-component<0.2.1
Elastic Kibana>=7.0.0<7.17.9
Elastic Kibana>=8.0.0<8.6.1
CVE-2021-37936
It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inj...
Elastic Kibana<7.14.1
CVE-2021-22141
An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary websit...
Elastic Kibana<6.8.16
Elastic Kibana>=7.0.0<7.13.0
CVE-2022-23713
A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser.
Elastic Kibana>=7.0.0<7.17.5
Elastic Kibana>=8.0.0<=8.2.3
CVE-2022-23711
A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Elastic Stack monitoring features provide a way to keep a pulse on the healt...
Elastic Kibana>=7.2.1<7.17.3
Elastic Kibana>=8.0.0<8.1.3
CVE-2022-23710
A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s ...
Elastic Kibana>=7.15.0<=7.17.0
Elastic Kibana=8.0.0
CVE-2022-23709
A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite ex...
Elastic Kibana>=7.7.0<7.17.1
Elastic Kibana=8.0.0
CVE-2022-23707
An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index patter...
Elastic Kibana>=7.5.1<7.17.0
CVE-2021-37939
It was discovered that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. Using this vu...
Elastic Kibana>=7.8.0<7.15.2
CVE-2021-37938
It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily trave...
Elastic Kibana>=7.9.0<7.15.2
CVE-2021-22139
Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size. An attacker with permissions to create...
Elastic Kibana<7.12.1
CVE-2021-22136
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background poll...
Elastic Kibana<6.8.15
Elastic Kibana>=7.0.0<7.12.0
CVE-2020-27816
The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana consol...
redhat/elasticsearch-operator-container<4.7
Elastic Kibana<=4.7
Redhat Openshift Container Platform=4.0
CVE-2020-7012
Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data ...
Elastic Kibana>=6.7.0<=6.8.8
Elastic Kibana>=7.0.0<=7.6.2
CVE-2020-7013
Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to ...
redhat/kibana<7.7.0
redhat/kibana<6.8.9
Elastic Kibana<6.8.9
Elastic Kibana>=7.0.0<7.7.0
Redhat Openshift Container Platform=3.11
Redhat Openshift Container Platform=4.0
CVE-2020-7015
Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive...
redhat/kibana<7.7.1
redhat/kibana<6.8.10
Elastic Kibana<6.8.10
Elastic Kibana>=7.0.0<7.7.1
CVE-2020-10743
It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to...
Elastic Kibana
Redhat Openshift Container Platform=3.11.286
Redhat Openshift Container Platform=4.6.1
CVE-2019-7618
Elastic Kibana=7.3.0
Elastic Kibana=7.3.1
Elastic Kibana=7.3.2
CVE-2019-7609
Kibana Arbitrary Code Execution
Elastic Kibana<5.6.15
Elastic Kibana>=6.0.0<6.6.1
Redhat Openshift Container Platform=3.11
Redhat Openshift Container Platform=4.1
redhat/kibana<5.6.15
redhat/kibana<6.6.1
and 1 more
CVE-2019-7608
Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of oth...
redhat/kibana<5.6.15
redhat/kibana<6.6.1
Elastic Kibana<5.6.15
Elastic Kibana>=6.0.0<6.6.1
CVE-2019-7610
Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could sen...
redhat/kibana<5.6.15
redhat/kibana<6.6.1
Elastic Kibana<5.6.15
Elastic Kibana>=6.0.0<6.6.1
CVE-2018-17245
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintex...
Elastic Kibana>=4.0.0<=4.6.0
Elastic Kibana>=5.0.0<=5.6.12
Elastic Kibana>=6.0.0<=6.4.2
CVE-2018-3830
Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive ac...
Elastic Kibana>=5.3.0<=6.4.1
Redhat Openshift Container Platform=3.11

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203