7 matches found
Photon OS 1.0: Kibana PHSA-2020-1.0-0301
An update of the kibana package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-1.0-0301. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid13763...
Exploit for Server-Side Request Forgery in Elastic Kibana
CVE-2019-7616 PO...
Photon OS 3.0: Kibana PHSA-2020-3.0-0088
An update of the kibana package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0088. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid136578;...
Elastic Kibana < 6.8.2, 7.x < 7.2.1 Multiple Vulnerabilities (ESA-2019-09, ESA-2019-10) - Linux
Kibana is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Elastic Kibana < 6.8.2, 7.x < 7.2.1 Multiple Vulnerabilities (ESA-2019-09, ESA-2019-10) - Windows
Kibana is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-7616
CVE-2019-7616 affects Kibana prior to 6.8.2 and 7.2.1, where the graphite integration in Timelion is vulnerable to server-side request forgery (SSRF). The issue arises when an admin can set timelion:graphite.url to an arbitrary URL, potentially allowing the Kibana process to access external resou...
Elastic Stack 6.8.2 and 7.2.1 security update
Elasticsearch race condition flaw ESA-2019-07 A race condition flaw was found in the response headers Elasticsearch returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from...