Lucene search
K

11 matches found

Snyk
Snyk
added 2026/05/28 10:44 p.m.6 views

Improper Validation of Specified Type of Input

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the Fleet agent policy management. An attacker can gain unauthorized read and...

8.5CVSS5.3AI score0.00262EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/13 9:51 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the bulk retrieval endpoint. An attacker can exhaust system memory and...

7.1CVSS6.8AI score0.00416EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/18 10:45 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling during the handling of HTTP requests. An attacker can exhaust computing...

7.1CVSS6.5AI score0.00271EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/12 9:57 a.m.2 views

Origin Validation Error

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Origin Validation Error via improper validation of the Origin HTTP header in the Observability AI Assistant. An attacker can make...

5.3CVSS6.8AI score0.00202EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/07 2:43 p.m.6 views

Insufficiently Protected Credentials

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the CrowdStrike connector. An attacker can obtain CrowdStrike credentials by accessing...

5.4CVSS7.1AI score0.00232EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/28 4:42 p.m.2 views

Incorrect Authorization

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Incorrect Authorization via the built-in reportinguser role, which is incorrectly grants access to all Spaces. An attacker can gai...

7.1CVSS7.1AI score0.00254EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/05/09 12:0 a.m.12 views

Kibana 7.17.x < 7.17.19 / 8.0.x < 8.13.0 File Upload (ESA-2024-47)

Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...

4.3CVSS5.4AI score0.00274EPSS
Exploits0References2
Elastic
Elastic
added 2023/02/03 2:30 p.m.10 views

Elastic 7.17.9, 8.5.0 and 8.6.1 Security Update

Kibana authenticated Denial of Service issue ESA-2023-02 A flawCVE-2022-38900 was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to to perform a request that crashes the Kibana server process. Affected Versions: Kibana Versions 7.0.0 through 7.17.8...

7.8CVSS6.8AI score0.24928EPSS
Exploits1
Elastic
Elastic
added 2021/09/01 4:10 p.m.6 views

Elastic Stack 7.14.1 Security Update

Kibana code execution issue ESA-2021-21 It was discovered that a user with fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the kibana...

9.8CVSS8AI score0.21952EPSS
Exploits3
Elastic
Elastic
added 2020/07/27 5:9 p.m.8 views

Elastic Stack 6.8.11 and 7.8.1 security update

Kibana regular expression denial of service flaw ESA-2020-09 Kibana versions before 6.8.11 and 7.8.1 contain a denial of service DoS flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming...

6.7CVSS8.2AI score0.0122EPSS
Exploits0
Elastic
Elastic
added 2020/06/03 2:16 p.m.8 views

Elastic Stack 7.7.1 and 6.8.10 Security Update

Kibana cross site scripting XSS issue ESA-2020-08 The TSVB visualization in Kibana contains a stored XSS flaw. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users wh...

5.4CVSS5.4AI score0.00779EPSS
Exploits0
Rows per page
Query Builder