7 matches found
Security Bulletin: IBM Cloud Private is vulnerable to Elastic Kibana vulnerabilities (CVE-2020-7016,CVE-2020-7017 )
Summary IBM Cloud Private is vulnerable to Elastic Kibana vulnerabilities Vulnerability Details CVEID: CVE-2020-7016 DESCRIPTION: Elastic Kibana is vulnerable to a denial of service, caused by a vulnerability in Timelion. By persuading a victim to visit a specially crafted URL, a remote attacker...
Photon OS 1.0: Kibana PHSA-2020-1.0-0321
An update of the kibana package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-1.0-0321. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid14163...
Photon OS 3.0: Kibana PHSA-2020-3.0-0135
An update of the kibana package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0135. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid140411;...
CVE-2020-7017
A stored Cross-site scripting XSS flaw was found in the region map visualization in kibana. This flaw allows an attacker who can edit or create a region map visualization to obtain sensitive information or perform destructive actions on behalf of kibana users who view the region map visualization...
Elastic Kibana < 6.8.11, 7.x < 7.8.1 Multiple Vulnerabilities - Linux
Kibana is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elastic:kibana"; ifdescription...
Elastic Kibana < 6.8.11, 7.x < 7.8.1 Multiple Vulnerabilities - Windows
Kibana is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elastic:kibana"; ifdescription...
CVE-2020-7017
CVE-2020-7017 is a stored XSS in the Kibana region map visualization, affecting Kibana before 6.8.11 and 7.8.1. An attacker who can edit/create a region map could execute scripts in viewers’ browsers and potentially access or perform actions on behalf of Kibana users. Remediation in the public ad...