Lucene search
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_113519HistoryJan 11, 2023 - 12:00 a.m.
Kibana 7.15.0 < 7.17.1 Multiple Vulnerabilities
2023-01-1100:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
kibana
vulnerabilities
scanner
0.001 Low
EPSS
Percentile
33.6%
According to its self-reported version number, the Kibana application running on the remote host is 7.15.x prior to 7.17.1. It is, therefore, affected by :
-
Privilege Escalation when upgrading from version 6.x to 7.x would disable the in-built protections on the security index (CVE-2022-23708)
-
Cross-Site Scripting in the Data Preview Pane (CVE-2022-23710)
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
No source data| Vendor | Product | Version | CPE |
|---|---|---|---|
| elasticsearch | kibana | * | cpe:2.3:a:elasticsearch:kibana:*:*:*:*:*:*:*:* |
Related
redhatcve
redhatcve
CVE-2022-23708
2022-03-21 16:34:16
CVE-2022-23710
2022-03-21 16:34:24
prion
prion
Code injection
2022-03-03 22:15:00
Cross site scripting
2022-03-03 22:15:00
cvelist
cvelist
CVE-2022-23708
2022-03-03 21:48:14
CVE-2022-23710
2022-03-03 21:51:43
osv
osv
Withdrawn: Cross-site Scripting in Kibana
2022-03-04 00:00:15
CVE-2022-23708
2022-03-03 22:15:08
Elasticsearch privilege escalation
2022-03-04 00:00:15
veracode
veracode
Privilege Escalation
2022-03-09 03:47:40
ubuntucve
ubuntucve
CVE-2022-23708
2022-03-03 00:00:00
cnvd
cnvd
Elasticsearch permission permission and access control issues vulnerability
2022-03-04 00:00:00
openvas
openvas
Elastic Elasticsearch Privilege Escalation Vulnerability (ESA-2022-02)
2022-03-04 00:00:00
Elastic Kibana XSS Vulnerability (ESA-2022-04)
2022-03-04 00:00:00
github
github
Elasticsearch privilege escalation
2022-03-04 00:00:15
Withdrawn: Cross-site Scripting in Kibana
2022-03-04 00:00:15
cve
cve
CVE-2022-23710
2022-03-03 22:15:08
CVE-2022-23708
2022-03-03 22:15:08
nvd
nvd
CVE-2022-23710
2022-03-03 22:15:08
CVE-2022-23708
2022-03-03 22:15:08