18 matches found
Kibana 8.x < 8.19.13 / 9.x < 9.2.7 / 9.3.x < 9.3.2 DoS (ESA-2026-20)
The version of Kibana installed on the remote host is prior to 8.19.13, 9.2.7, or 9.3.2. It is, therefore, affected by a vulnerability as referenced in the ESA-2026-20 advisory. - Improper Validation of Specified Quantity in Input CWE-1284 in the Timelion visualization plugin in Kibana can lead...
EUVD-2017-17402
Malware in sbrugna...
EUVD-2016-1546
Malware in sbrugna...
EUVD-2015-8910
Malware in sbrugna...
EUVD-2023-35726
Malicious code in bioql PyPI...
Kibana 8.x < 8.11.2 Insertion of Sensitive Information into Log File
According to its self-reported version number, the Kibana application running on the remote host is 7.13.x prior to 7.17.16 or 8.x prior to 8.11.1. It is, therefore, affected by an issue that can log sensitive information in Kibana logs in the event of an error or in the event where debug level...
Kibana 8.x < 8.11.1 Insertion of Sensitive Information into Log File
According to its self-reported version number, the Kibana application running on the remote host is 8.x prior to 8.11.1. It is, therefore, affected by an issue that can log sensitive information in Kibana logs in the event of an error. Note that the scanner has not tested for these issues but has...
PT-2025-9821
Name of the Vulnerable Software and Affected Versions Kibana versions 8.15.0 through 8.17.2 Description Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions = 8.15.0 and 8.17.1, this is exploitable by...
Design/Logic Flaw
An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1...
CVE-2023-31415
Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of t...
Elastic Kibana 7.0.0 < 7.17.9, 8.0.0 < 8.6.2 Open Redirect Vulnerability (ESA-2023-03)
Kibana is prone to an open redirect vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elastic:kibana"; ifdescription...
Kibana 6.7.0 < 7.7.0 Prototype Pollution
According to its self-reported version number, the Kibana application running on the remote host is 6.7.0 prior to 7.0.0. It is, therefore, affected by : - A Prototype Pollution in Upgrade Assistant CVE-2020-7012 - A Prototype Pollution in TSVB visualizartion CVE-2020-7013 Note that the scanner h...
Kibana 8.0.0 < 8.1.3 Sensitive Information Exposure
According to its self-reported version number, the Kibana application running on the remote host is 7.2.1 prior to 7.17.2 or 8.0.0 prior to 8.1.3. It is, therefore, affected by : - A Sensitive Information Exposure related to Elastic Stack monitoring in the Kibana page source CVE-2022-23711 Note...
Kibana 7.7.0 < 7.17.1 Insufficient Authorization
According to its self-reported version number, the Kibana application running on the remote host is 7.7.0 prior to 7.17.1 or 8.0.0. It is, therefore, affected by : - A missing authorization issue in which users with read access to the Uptime feature could modify alerting rules CVE-2022-23709 Note...
Elastic Stack 6.8.11 and 7.8.1 security update
Kibana regular expression denial of service flaw ESA-2020-09 Kibana versions before 6.8.11 and 7.8.1 contain a denial of service DoS flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming...
SUSE-SU-2020:0081-1 Security update for crowbar-core, crowbar-openstack, openstack-horizon-plugin-monasca-ui, openstack-monasca-api, openstack-monasca-log-api, openstack-neutron, rubygem-puma, rubygem-rest-client
This update for crowbar-core, crowbar-openstack, openstack-horizon-plugin-monasca-ui, openstack-monasca-api, openstack-monasca-log-api, openstack-neutron, rubygem-puma, rubygem-rest-client contains the following fixes: Security issue fixed for rubygem-puma: - CVE-2019-16770: Fixed a potential...
CVE-2017-8439
Kibana version 5.4.0 was affected by a Cross Site Scripting XSS bug in the Time Series Visual Builder. This bug could allow an attacker to obtain sensitive information from Kibana users...
Kibana 4.4.2, 4.3.3, 4.1.6 - Updated node.js versions due to upstream vulnerabilities
Same deal as last month, but we've bumped all 3 version to node v4.3.2 to cover security issues in node.js. You can read their maintenance announcement here: https://nodejs.org/en/blog/release/v4.3.2/ Check out the blog post with release notes or grab the latest version...