CVE-2018-3818: XSS
First published: Fri Mar 30 2018(Updated: )
Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Credit: bressers@elastic.co
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Elastic Kibana | >=5.1.1<=6.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Kibana vulnerability?
The vulnerability ID for this Kibana vulnerability is CVE-2018-3818.
What is the severity of CVE-2018-3818?
The severity of CVE-2018-3818 is medium with a severity value of 6.1.
How does CVE-2018-3818 affect Kibana?
CVE-2018-3818 affects Kibana versions 5.1.1 to 6.1.2 and 5.6.6.
What is the impact of CVE-2018-3818?
CVE-2018-3818 allows an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
How can I fix CVE-2018-3818?
To fix CVE-2018-3818, it is recommended to update Kibana to a version higher than 6.1.2 or 5.6.6.
- collector/nvd-index
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/author
- agent/tags
- agent/event
- vendor/elastic
- canonical/elastic kibana
- version/elastic kibana/5.1.1
- version/elastic kibana/6.1.2