Lucene search
K

4 matches found

Elastic
Elastic
added 2026/01/13 8:54 p.m.14 views

Kibana 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-05)

External Control of File Name or Path and Server-Side Request Forgery SSRF in Kibana Google Gemini Connector ESA-2026-05 External Control of File Name or Path CWE-73 combined with Server-Side Request Forgery CWE-918 can allow an attacker to cause arbitrary file disclosure through a specially...

8.6CVSS5.7AI score0.00417EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/05/09 12:0 a.m.18 views

Kibana 7.17.6 < 7.17.24 / 8.4.x < 8.12.0 XSS (ESA-2024-20)

Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim's browser XSS via crafted HTML and JavaScript files. The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices. Note that Nessus has n...

5.4CVSS6.1AI score0.0027EPSS
Exploits0References2
Elastic
Elastic
added 2025/05/06 4:29 p.m.9 views

Kibana 8.17.6, 8.18.1, or 9.0.1 Security Update (ESA-2025-07)

Kibana arbitrary code execution via prototype pollution ESA-2025-07 A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints. Affected Versions: 8.3.0 to 8.17.5, and 8.18.0, and 9.0.0 Affected...

9.8CVSS7.8AI score0.15174EPSS
Exploits2
Elastic
Elastic
added 2023/02/16 10:56 p.m.8 views

Kibana 7.17.9 and 8.6.2 Security Update

Kibana open redirect issue ESA-2023-03 An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. Affected Versions: Kibana Versions 7.0.0 through 7.17.8 and 8.0.0 through 8.6.1 Solutions and...

6.1CVSS6.3AI score0.00513EPSS
Exploits0
Rows per page
Query Builder