First published: Mon Mar 25 2019
Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Credit: bressers@elastic.co
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kibana | <5.6.15 | 5.6.15 |
redhat/kibana | <6.6.1 | 6.6.1 |
Elastic Kibana | <5.6.15 | |
Elastic Kibana | >=6.0.0 <6.6.1 | |
CVE-2019-7608 is a cross-site scripting (XSS) vulnerability in Kibana versions before 5.6.15 and 6.6.1.
CVE-2019-7608 allows an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
The severity of CVE-2019-7608 is medium, with a CVSS score of 6.1.
To fix CVE-2019-7608, update Kibana to version 5.6.15 if you are running a version before 5.6.15, or to version 6.6.1 if you are running a version from 6.0.0 up to, but not including, 6.6.1.
You can find more information about CVE-2019-7608 at the following references: [Elastic Stack 6.6.1 and 5.6.15 security update](https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077), [Red Hat errata RHSA-2019:2860](https://access.redhat.com/errata/RHSA-2019:2860), [Red Hat CVE page for CVE-2019-7608](https://access.redhat.com/security/cve/cve-2019-7608).