EUVD-2021-9297

Malicious code in bioql PyPI...

CVE-2021-22150

It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server...

Code injection

It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server...

CVE-2021-22150

KVE-2021-22150 affects Elastic Kibana. A Fleet admin could upload a malicious package, which is loaded insecurely due to an older js-yaml library, enabling command execution on the Kibana server. The vulnerability stems from the insecure handling of uploaded packages and the outdated dependency. ...

PT-2023-12040 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Kibana affected versions not specified Description: A security issue was found where a user with Fleet admin permissions could upload a malicious package. This package would be loaded in an insecure manner due to the use of an older version o...

Elastic Kibana Code Injection Vulnerability

Elastic Kibana is an application from the Dutch company Elastic. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through the Elastic Stack. Elastic Kibana suffers from a security vulnerability that stems from the use of an old version of the...