CVE-2018-3820: XSS
First published: Fri Mar 30 2018(Updated: )
Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Credit: bressers@elastic.co
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Elastic Kibana | >6.1.0<6.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Kibana vulnerability?
The vulnerability ID for this Kibana vulnerability is CVE-2018-3820.
What is the severity of this vulnerability?
The severity of this vulnerability is medium with a CVSS score of 6.1.
What is the affected software?
The affected software is Elastic Kibana versions after 6.1.0 and before 6.1.3.
What is the description of this vulnerability?
This vulnerability is a cross-site scripting (XSS) vulnerability in labs visualizations in Kibana, which could allow an attacker to obtain sensitive information or perform destructive actions on behalf of other Kibana users.
How can I fix this vulnerability?
To fix this vulnerability, you should upgrade your Elastic Kibana to version 6.1.3 or later.
- collector/nvd-index
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/event
- agent/description
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/elastic
- canonical/elastic kibana