Lucene search
+L

8 matches found

OSV
OSV
added 2023/11/22 1:15 a.m.7 views

CVE-2021-22150

It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server...

7.2CVSS7AI score
Exploits0References2
CVE
CVE
added 2023/11/22 12:30 a.m.54 views

CVE-2021-22150

KVE-2021-22150 affects Elastic Kibana. A Fleet admin could upload a malicious package, which is loaded insecurely due to an older js-yaml library, enabling command execution on the Kibana server. The vulnerability stems from the insecure handling of uploaded packages and the outdated dependency. ...

7.2CVSS6.7AI score0.01154EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/11/22 12:30 a.m.43 views

CVE-2021-22150 Kibana code execution issue

It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server...

6.6CVSS7.3AI score0.01154EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/11/22 12:30 a.m.20 views

CVE-2021-22150 Kibana code execution issue

It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server...

6.6CVSS7.1AI score0.01154EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/01/11 12:0 a.m.50 views

Kibana 7.9.0 < 7.14.1 Path Traversal

According to its self-reported version number, the Kibana application running on the remote host is prior to 7.14.1. It is, therefore, affected by : - A code execution vulnerability due to an older version of js-yaml CVE-2021-22150 - An HTML Injection due to a lack of sanitization of document...

7.2CVSS5.4AI score0.01154EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/01/11 12:0 a.m.50 views

Kibana 7.14.0 HTML Injection

According to its self-reported version number, the Kibana application running on the remote host is prior to 7.14.1. It is, therefore, affected by : - A code execution vulnerability due to an older version of js-yaml CVE-2021-22150 - An HTML Injection due to a lack of sanitization of document...

7.2CVSS5.4AI score0.01154EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/01/11 12:0 a.m.61 views

Kibana 7.10.2 < 7.14.1 Code Execution

According to its self-reported version number, the Kibana application running on the remote host is prior to 7.14.1. It is, therefore, affected by : - A code execution vulnerability due to an older version of js-yaml CVE-2021-22150 - An HTML Injection due to a lack of sanitization of document...

7.2CVSS5.4AI score0.01154EPSS
Exploits0References5
Elastic
Elastic
added 2021/09/01 4:10 p.m.7 views

Elastic Stack 7.14.1 Security Update

Kibana code execution issue ESA-2021-21 It was discovered that a user with fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the kibana...

9.8CVSS8AI score0.21952EPSS
Exploits3
Rows per page
Query Builder