17 matches found
Kibana 8.x < 8.19.16 / 9.0.x < 9.3.5 / 9.4.x < 9.4.1 DoS (ESA-2026-32)
The version of Kibana installed on the remote host is prior to 8.19.16, 9.3.5, or 9.4.1. It is, therefore, affected by a vulnerability as referenced in the ESA-2026-32 advisory. - Uncontrolled Resource Consumption CWE-400 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-13...
Kibana 9.2.8, and 9.3.2 Security Update (ESA-2026-37)
Server-Side Request Forgery SSRF in Kibana Leading to Unauthorized Network Access Server-Side Request Forgery CWE-918 in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted...
Kibana 8.19.12, 9.2.6, 9.3.1 Security Update (ESA-2026-13)
Improper Input Validation in Kibana Leading to Denial of Service Improper Input Validation CWE-20 in the internal Content Connectors search endpoint in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153 Affected Versions: 8.x: All versions from 8.4.0 up to and including 8.19....
Kibana 7.10.x < 7.17.30 / 8.x < 8.19.10 / 9.1.x < 9.1.10 / 9.2.x < 9.2.4 (ESA_2026_03)
The version of Kibana installed on the remote host is prior to 8.19.10, 9.1.10, or 9.2.4. It is, therefore, affected by a vulnerability as referenced in the ESA202603 advisory. - An allocation of resources without limits or throttling vulnerability in Kibana Fleet leads to excessive resource...
Origin Validation Error
Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Origin Validation Error via improper validation of the Origin HTTP header in the Observability AI Assistant. An attacker can make...
EUVD-2020-28153
Malware in sbrugna...
EUVD-2016-1548
Malware in sbrugna...
EUVD-2017-3099
Malware in sbrugna...
EUVD-2018-9004
Malware in sbrugna...
EUVD-2021-9290
Malicious code in bioql PyPI...
Kibana 8.15.x < 8.17.3 Prototype Pollution
According to its self-reported version number, the Kibana application running on the remote host is 8.15.x prior to 8.17.3. It is, therefore, affected by a code execution via a crafted file upload and specifically crafted HTTP requests Note that the scanner has not tested for these issues but has...
Kibana 8.x < 8.10.1 Insertion of Sensitive Information into Log File
According to its self-reported version number, the Kibana application running on the remote host is 8.x prior to 8.10.1. It is, therefore, affected by an issue that can log sensitive information in Kibana logs in the event of an error. Note that the scanner has not tested for these issues but has...
Elastic Kibana 安全漏洞
Elastic Kibana is an available data visualization dashboard software from Elastic, Inc. A security vulnerability exists in Elastic Kibana versions 8.15.0 through 8.17.1 and 8.17.1 through 8.17.2, which stems from prototype contamination that could lead to the execution of arbitrary code...
Kibana 7.17.23/8.15.0 Security Updates (ESA-2024-32, ESA-2024-33)
Kibana allocation of resources without limits or throttling leads to crash ESA-2024-33 An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/metrics/snapshot. This can be carried out by users with read access to the...
PT-2023-8930 · Elastic · Kibana
Name of the Vulnerable Software and Affected Versions: Kibana versions prior to 8.11.2 Description: An issue was discovered whereby sensitive information may be recorded in Kibana logs in the event of an error or when debug level logging is enabled. The messages recorded in the log may contain...
PT-2019-18668 · Elastic · Kibana
Name of the Vulnerable Software and Affected Versions: Kibana versions prior to 6.8.2 Kibana versions prior to 7.2.1 Description: The issue is related to a server side request forgery SSRF flaw in the graphite integration for the Timelion visualizer. An attacker with administrative access could s...
PT-2018-16215 · Elastic · Kibana
Name of the Vulnerable Software and Affected Versions: Kibana versions after 5.1.1 and before 5.6.7 Kibana versions before 6.1.3 Description: A cross-site scripting XSS issue was found in the tag cloud visualization, potentially allowing an attacker to obtain sensitive information or perform...