8 matches found

Github Security Blog
added 2026/05/07 12:8 a.m., 8 views

OpenSearch vulnerable to improper authorization for Rollover Requests

Description: A flaw was identified in the OpenSearch Security plugin's handling of index rollover requests. When a rollover request included an explicit target index name, the security plugin did not properly evaluate access control permissions against the target index. This could allow a user wit...

5.8 AI score
Exploits: 0, References: 2, Affected Software: 1
Imperva Blog
added 2023/10/13 8:8 p.m., 171 views

How to use DSF Collections & Index Patterns – A Tutorial

In conventional terminology, Imperva Data Security Fabric (DSF) is a database system, replete with a GUI interface for aggregation pipeline building, workflow orchestration, extensible scripting (Playbooks), and self-service data discovery (Kibana-based Discover). Imperva DSF is purpose-built for data...

6.6 AI score
Exploits: 0
OSV
added 2022/03/04 12:0 a.m., 1 views

GHSA-M6GG-86C6-GFR9 Withdrawn: Cross-site Scripting in Kibana

Withdrawn: This advisory is for Kibana, not ElasticSearch as it was originally published, and is withdrawn as being out of scope of our supported ecosystems. A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could...

6.1 CVSS, 5.9 AI score, 0.00316 EPSS
Exploits: 0, References: 3
ATTACKERKB
added 2022/03/03 10:15 p.m., 2 views

CVE-2022-23710

A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser...

6.1 CVSS, 6.5 AI score, 0.00316 EPSS
Exploits: 0, References: 3
OSV
added 2022/03/03 10:15 p.m., 16 views

CVE-2022-23710

A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser...

6.1 CVSS, 6.2 AI score
Exploits: 0, References: 2
Prion
added 2022/03/03 10:15 p.m., 16 views

Cross site scripting

A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser...

4.3 CVSS, 6.1 AI score, 0.00316 EPSS
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2022/03/03 9:51 p.m., 217 views

CVE-2022-23710

CVE-2022-23710 is an XSS vulnerability in Kibana’s Data Preview Pane (Index Pattern Preview Pane). The issue stems from insufficient input filtering/escaping, allowing arbitrary JavaScript in a victim’s browser. Affected products/versions include Kibana self-managed 7.15.x (and related Elastic St...

6.1 CVSS, 6 AI score, 0.00316 EPSS
Exploits: 0, References: 2, Affected Software: 1
Veracode
added 2022/02/14 9:3 a.m., 19 views

Cross-site Scripting (XSS)

Kibana is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the index pattern allowing an attacker to inject maliciously crafted script via the index pattern...

5.4 CVSS, 4.5 AI score, 0.00262 EPSS
Exploits: 0, References: 2, Affected Software: 2