5 matches found
Security Bulletin: IBM Cloud Private is vulnerable to Kibana vulnerabilities (CVE-2020-7015, CVE-2020-7013, CVE-2020-7012)
Summary IBM Cloud Private is vulnerable to Kibana vulnerabilities Vulnerability Details CVEID: CVE-2020-7015 DESCRIPTION: Elastic Kibana is vulnerable to cross-site scripting, caused by improper validation of user-supplied input in TSVB visualization. A remote attacker could exploit this...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.5.8 security update
An update for cluster-network-operator-container, cluster-version-operator-container, elasticsearch-operator-container, logging-kibana6-container, and ose-cluster-svcat-controller-manager-operator-container is now available for Red Hat OpenShift Container Platform 4.5. Red Hat Product Security ha...
Photon OS 1.0: Kibana PHSA-2020-1.0-0306
An update of the kibana package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-1.0-0306. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid13844...
Photon OS 2.0: Kibana PHSA-2020-2.0-0255
An update of the kibana package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-2.0-0255. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid13787...
CVE-2020-7015
CVE-2020-7015 affects Kibana via a stored XSS flaw in the TSVB visualization. The issue exists in Kibana versions prior to 6.8.9 and 7.7.0, where editing or creating TSVB visualizations could allow an attacker to access sensitive information or perform destructive actions on behalf of Kibana user...