20 matches found
EUVD-2020-28152
Malware in sbrugna...
SUSE CVE-2020-7013
Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissio...
SUSE CVE-2020-7015
Kibana versions before 6.8.9 and 7.7.0 contain a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users who edit the TSVB...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.5.8 security update
An update for cluster-network-operator-container, cluster-version-operator-container, elasticsearch-operator-container, logging-kibana6-container, and ose-cluster-svcat-controller-manager-operator-container is now available for Red Hat OpenShift Container Platform 4.5. Red Hat Product Security ha...
CVE-2020-7013
Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissio...
Elastic Kibana < 6.8.10, 7.x < 7.7.1 XSS Vulnerability - Linux
Kibana is prone to a cross-site scripting vulnerability in the TSVB visualization. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Elastic Kibana < 6.8.10, 7.x < 7.7.1 XSS Vulnerability - Windows
Kibana is prone to a cross-site scripting vulnerability in the TSVB visualization. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Cross-site Scripting (XSS)
Kibana is vulnerable to cross-site scripting (XSS). The vulnerability exists as the less dependency, used in the TSVB visualization, allows parsing of JavaScript code in panelconfig/markdown.js...
Elasticsearch Kibana Code Injection Vulnerability
Elasticsearch Kibana is a suite of open source, browser-based analytics and search Elasticsearch dashboard tools from Elasticsearch Netherlands. A code injection vulnerability exists in TSVB in Elasticsearch Kibana versions prior to 6.8.9 and prior to 7.7.0. An attacker can exploit this...
CVE-2020-7015
Kibana versions before 6.8.9 and 7.7.0 contain a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users who edit the TSVB...
CVE-2020-7015
Kibana versions before 6.8.9 and 7.7.0 contain a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users who edit the TSVB...
CVE-2020-7013
Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissio...
Design/Logic Flaw
Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissio...
Cross site scripting
Kibana versions before 6.8.9 and 7.7.0 contain a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users who edit the TSVB...
CVE-2020-7013
CVE-2020-7013 refers to a prototype pollution flaw in Kibana TSVB affecting versions before 6.8.9 and 7.7.0, enabling an authenticated attacker with TSVB-visualization creation privileges to cause Kibana to execute arbitrary code with Kibana process permissions. The connected documentation corrob...
CVE-2020-7015
CVE-2020-7015 affects Kibana via a stored XSS flaw in the TSVB visualization. The issue exists in Kibana versions prior to 6.8.9 and 7.7.0, where editing or creating TSVB visualizations could allow an attacker to access sensitive information or perform destructive actions on behalf of Kibana user...
CVE-2020-7013
Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissio...
CVE-2020-7015
Kibana versions before 6.8.9 and 7.7.0 contain a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users who edit the TSVB...
Elastic Stack 7.7.1 and 6.8.10 Security Update
Kibana cross-site scripting (XSS) issue (ESA-2020-08): The TSVB visualization in Kibana contains a stored XSS flaw. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users wh...
Elastic: Stored XSS in TSVB Visualizations Markdown Panel
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: An authenticated user can save...