CVE-2022-38778: Input Validation
First published: Wed Feb 08 2023(Updated: )
A flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process.
Credit: bressers@elastic.co
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Decode-uri-component Project Decode-uri-component | <0.2.1 | |
| Elastic Kibana | >=7.0.0<7.17.9 | |
| Elastic Kibana | >=8.0.0<8.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this flaw?
The vulnerability ID for this flaw is CVE-2022-38778.
What is the severity level of CVE-2022-38778?
The severity level of CVE-2022-38778 is medium with a score of 6.5.
Which software is affected by CVE-2022-38778?
The software affected by CVE-2022-38778 includes Kibana versions between 7.0.0 and 7.17.9, as well as versions between 8.0.0 and 8.6.1.
What can an authenticated user do with CVE-2022-38778?
An authenticated user can perform a request that crashes the Kibana server process using CVE-2022-38778.
How can I fix CVE-2022-38778?
To fix CVE-2022-38778, it is recommended to update to a patched version of Kibana. Please refer to the Elastic Security Update page for more information.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/decode-uri-component project
- canonical/decode-uri-component project decode-uri-component
- vendor/elastic
- canonical/elastic kibana
- version/elastic kibana/7.0.0
- version/elastic kibana/8.0.0