Lucene search
GoogleOSV:CVE-2021-37938HistoryNov 18, 2021 - 4:15 p.m.
CVE-2021-37938
2021-11-1816:15:08
Google
osv.dev
2
It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension. Thanks to Dominic Couture for finding this vulnerability.
Related
cve
cve
CVE-2021-37938
2021-11-18 16:15:08
openvas
openvas
Elastic Kibana Directory Traversal Vulnerability (ESA-2021-26)
2021-11-17 00:00:00
nvd
nvd
CVE-2021-37938
2021-11-18 16:15:08
prion
prion
Design/Logic Flaw
2021-11-18 16:15:00
cvelist
cvelist
CVE-2021-37938
2021-11-18 15:06:45
nessus
nessus
Kibana 7.8.0 < 7.15.2 Multiple Vulnerabilities
2023-01-11 00:00:00