CVE-2021-22150

It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server...

CVE-2021-22150

KVE-2021-22150 affects Elastic Kibana. A Fleet admin could upload a malicious package, which is loaded insecurely due to an older js-yaml library, enabling command execution on the Kibana server. The vulnerability stems from the insecure handling of uploaded packages and the outdated dependency. ...

CVE-2021-22150 Kibana code execution issue

It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server...

PT-2023-12040 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Kibana affected versions not specified Description: A security issue was found where a user with Fleet admin permissions could upload a malicious package. This package would be loaded in an insecure manner due to the use of an older version o...