CVE-2021-22151

CVE-2021-22151 (Kibana path traversal) : The Kibana vulnerability arises from not validating a user-supplied path, allowing an attacker to traverse the Kibana host and load internal files ending in the .pbf extension. Public references describe this as a path-traversal flaw that can disclose inte...

CVE-2021-22151 Kibana path traversal issue

It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension...

CVE-2021-22151 Kibana path traversal issue

It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension...

Elastic Kibana Security Vulnerability

Elastic Kibana is an application from the Dutch company Elastic. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through the Elastic Stack. Elastic Kibana suffers from a security vulnerability that stems from not validating user-supplied paths...

SUSE CVE-2021-37938

It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension. Thanks to Dominic Coutur...

Kibana 7.10.2 < 7.14.1 Code Execution

According to its self-reported version number, the Kibana application running on the remote host is prior to 7.14.1. It is, therefore, affected by : - A code execution vulnerability due to an older version of js-yaml CVE-2021-22150 - An HTML Injection due to a lack of sanitization of document...

Kibana 7.14.0 HTML Injection

According to its self-reported version number, the Kibana application running on the remote host is prior to 7.14.1. It is, therefore, affected by : - A code execution vulnerability due to an older version of js-yaml CVE-2021-22150 - An HTML Injection due to a lack of sanitization of document...

Design/Logic Flaw

It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension. Thanks to Dominic Coutur...

CVE-2021-37938

CVE-2021-37938 affects Kibana on Windows, where a failure to validate a user-supplied path could cause directory traversal to load internal files ending with .pbf. Affected range per ENISA/Tenable/OSV/NVD entries centers on Kibana versions 7.9.0–7.15.1. Root cause: improper path validation allowi...