Lucene search
ElasticCVELIST:CVE-2021-37939HistoryNov 18, 2021 - 3:09 p.m.
CVE-2021-37939
2021-11-1815:09:27
CWE-200
elastic
www.cve.org
1
It was discovered that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. Using this vulnerability, a malicious user with the ability to create connectors, could utilize these connectors to view limited HTTP response data on hosts accessible to the cluster.
CNA Affected
[
{
"product": "Kibana",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "All versions from 7.8.0 through 7.15.1"
}
]
}
]Related
redhatcve
redhatcve
CVE-2021-37939
2021-11-29 05:42:48
prion
prion
Design/Logic Flaw
2021-11-18 16:15:00
osv
osv
CVE-2021-37939
2021-11-18 16:15:08
Kibana Sensitive Data Disclosure
2022-05-24 22:28:42
nvd
nvd
CVE-2021-37939
2021-11-18 16:15:08
openvas
openvas
Elastic Kibana Information Disclosure Vulnerability (ESA-2021-27)
2021-11-17 00:00:00
cve
cve
CVE-2021-37939
2021-11-18 16:15:08
github
github
Kibana Sensitive Data Disclosure
2022-05-24 22:28:42
nessus
nessus
Kibana 7.8.0 < 7.15.2 Multiple Vulnerabilities
2023-01-11 00:00:00