8 matches found
CVE-2021-22150
It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server...
CVE-2021-22150
KVE-2021-22150 affects Elastic Kibana. A Fleet admin could upload a malicious package, which is loaded insecurely due to an older js-yaml library, enabling command execution on the Kibana server. The vulnerability stems from the insecure handling of uploaded packages and the outdated dependency. ...
CVE-2021-22150 Kibana code execution issue
It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server...
CVE-2021-22150 Kibana code execution issue
It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server...
Kibana 7.9.0 < 7.14.1 Path Traversal
According to its self-reported version number, the Kibana application running on the remote host is prior to 7.14.1. It is, therefore, affected by : - A code execution vulnerability due to an older version of js-yaml CVE-2021-22150 - An HTML Injection due to a lack of sanitization of document...
Kibana 7.14.0 HTML Injection
According to its self-reported version number, the Kibana application running on the remote host is prior to 7.14.1. It is, therefore, affected by : - A code execution vulnerability due to an older version of js-yaml CVE-2021-22150 - An HTML Injection due to a lack of sanitization of document...
Kibana 7.10.2 < 7.14.1 Code Execution
According to its self-reported version number, the Kibana application running on the remote host is prior to 7.14.1. It is, therefore, affected by : - A code execution vulnerability due to an older version of js-yaml CVE-2021-22150 - An HTML Injection due to a lack of sanitization of document...
Elastic Stack 7.14.1 Security Update
Kibana code execution issue ESA-2021-21 It was discovered that a user with fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the kibana...