CVE-2022-23707: XSS
First published: Fri Feb 11 2022(Updated: )
An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users
Credit: bressers@elastic.co
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Elastic Kibana | >=7.5.1<7.17.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of the XSS vulnerability found in Kibana index patterns?
The vulnerability ID of the XSS vulnerability found in Kibana index patterns is CVE-2022-23707.
What is the impact of the XSS vulnerability in Kibana index patterns?
The XSS vulnerability in Kibana index patterns allows an authenticated user to inject malicious JavaScript into the index pattern, which can be executed by other users.
Who is affected by the XSS vulnerability in Kibana index patterns?
Users of Elastic Kibana versions between 7.5.1 and 7.17.0 are affected by the XSS vulnerability in Kibana index patterns.
How severe is the XSS vulnerability in Kibana index patterns?
The severity of the XSS vulnerability in Kibana index patterns is medium, with a CVSS score of 5.4.
Is there a fix available for the XSS vulnerability in Kibana index patterns?
Yes, Elastic has released a security update in Kibana version 7.17.0 to address the XSS vulnerability in index patterns.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/tags
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/elastic
- canonical/elastic kibana
- version/elastic kibana/7.5.1