6 matches found
CVE-2021-22151
CVE-2021-22151 (Kibana path traversal) : The Kibana vulnerability arises from not validating a user-supplied path, allowing an attacker to traverse the Kibana host and load internal files ending in the .pbf extension. Public references describe this as a path-traversal flaw that can disclose inte...
Kibana 7.10.2 < 7.14.1 Code Execution
According to its self-reported version number, the Kibana application running on the remote host is prior to 7.14.1. It is, therefore, affected by : - A code execution vulnerability due to an older version of js-yaml CVE-2021-22150 - An HTML Injection due to a lack of sanitization of document...
Kibana 7.9.0 < 7.14.1 Path Traversal
According to its self-reported version number, the Kibana application running on the remote host is prior to 7.14.1. It is, therefore, affected by : - A code execution vulnerability due to an older version of js-yaml CVE-2021-22150 - An HTML Injection due to a lack of sanitization of document...
Kibana 7.14.0 HTML Injection
According to its self-reported version number, the Kibana application running on the remote host is prior to 7.14.1. It is, therefore, affected by : - A code execution vulnerability due to an older version of js-yaml CVE-2021-22150 - An HTML Injection due to a lack of sanitization of document...
Elastic: Fix for CVE-2021-22151 (Kibana path traversal issue) can be bypassed on Windows
Summary Hello team, I hope you're doing well! I was combing through your GitHub repository to look at the fixes for recent security releases and found the fix for CVE-2021-22151 to be incomplete. The current fix makes assumptions that are true on Linux but that don't hold on Windows. Details The...
Elastic Kibana Path Traversal Vulnerability (ESA-2021-22)
Elastic Kibana is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elastic:kibana";...