CVE-2020-7015

2020-06-19T15:55:11
ID RH:CVE-2020-7015
Type redhatcve
Reporter redhat.com
Modified 2021-04-28T22:15:30

Description

Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users who edit the TSVB visualization.

Mitigation

To mitigate this vulnerability you can set "metrics.enabled: false" in kibana.yml