13 matches found
CVE-2026-49088
Kibana security advisory CVE-2026-49088 describes that when optional APM instrumentation is enabled, sensitive request header values may be logged in application logs, risking information disclosure (CWE-532). Affected versions include Kibana 8.x up to 8.18.8, 8.19.0–8.19.5, and 9.x 9.0.0–9.0.7, ...
EUVD-2023-35730
Malicious code in bioql PyPI...
EUVD-2023-50864
Malicious code in bioql PyPI...
EUVD-2023-50862
Malicious code in bioql PyPI...
Elastic Kibana 7.13.0 < 7.17.16, 8.0 < 8.11.2 Information Disclosure (ESA-2023-27)
The version of the Elastic Kibana instance on the remote host is 7.13.0 prior to 7.17.16 or 8.0 prior to 8.11.1. It is, therefore, affected by an information disclosure vulnerability. In the event of an infrequent error returned from an Elasticsearch cluster, in cases where there is user...
CVE-2023-46675 Kibana Insertion of Sensitive Information into Log File
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Accou...
CVE-2023-46671 Kibana Insertion of Sensitive Information into Log File
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibanasystem user, API Keys, and...
Elastic Kibana Log Information Disclosure Vulnerability
Elastic Kibana is an application from the Dutch company Elastic. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through the Elastic Stack. A log message disclosure vulnerability exists in Elastic Kibana versions 8.0.0 through 8.11.1, which...
Kibana 8.11.2, 7.17.16 Security Update (ESA-2023-27)
Kibana Insertion of Sensitive Information into Log File ESA-2023-27 An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which...
Elastic Kibana 8.x < 8.11.1 Information Disclosure (ESA-2023-25)
The version of the Elastic Kibana instance on the remote host is 8.x prior to 8.11.1. It is, therefore, affected by an information disclosure vulnerability. In the event of an infrequent error returned from an Elasticsearch cluster, in cases where there is user interaction and an unhealthy cluste...
Kibana 8.11.1 Security Update (ESA-2023-25)
Kibana Insertion of Sensitive Information into Log File ESA-2023-25 An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may...
CVE-2023-31422
A flaw was found by Elastic, where sensitive information is recorded in Kibana logs. This issue occurs in the event of an error when logging in to the JSON layout or when the pattern layout is configured to log the %meta pattern...
SUSE CVE-2023-31422
An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1...