Elastic Kibana

61 matches found

added 2018/03/30 8:29 p.m., 49 views

CVE-2018-3818

Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

CVSS 6.1, AI score 6, EPSS 0.00375

added 2017/06/16 9:29 p.m., 48 views

CVE-2017-8451

With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.

CVSS 6.1, AI score 6, EPSS 0.00296

added 2017/06/16 9:29 p.m., 47 views

CVE-2016-10366

Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (XSS) attack.

CVSS 6.1, AI score 5.8, EPSS 0.00265

added 2017/06/16 9:29 p.m., 47 views

CVE-2017-8452

In Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors fail to be cleaned up after certain requests and accumulate over time until the process crashes.

CVSS 7.5, AI score 7.4, EPSS 0.00381

added 2017/06/16 9:29 p.m., 46 views

CVE-2015-9056

Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to an XSS attack.

CVSS 6.1, AI score 5.9, EPSS 0.0029

added 2017/06/16 9:29 p.m., 45 views

CVE-2016-1000219

In Kibana before 4.5.4 and 4.1.11, when a custom output is configured for logging, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.

CVSS 7.5, AI score 7.4, EPSS 0.00678

added 2021/11/18 4:15 p.m., 45 views

CVE-2021-37938

It was discovered that on Windows operating systems specifically, Kibana was not validating a user-supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension. Thanks to Dominic Couture ...

CVSS 4.3, AI score 4.5, EPSS 0.00273

added 2023/12/13 7:15 a.m., 45 views

CVE-2023-46671

An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibana_system user, API Keys, and cre...

CVSS 8, AI score 6.9, EPSS 0.00255

added 2017/06/16 9:29 p.m., 39 views

CVE-2016-10365

Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerability that would enable an attacker to craft a link in the Kibana domain that redirects to an arbitrary website.

CVSS 6.1, AI score 6.1, EPSS 0.00197

added 2023/11/22 1:15 a.m., 39 views

CVE-2021-22150

It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server.

CVSS 7.2, AI score 6.7, EPSS 0.00162

added 2023/11/22 1:15 a.m., 32 views

CVE-2021-22142

Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct...

CVSS 8.8, AI score 7.8, EPSS 0.0047

Total number of security vulnerabilities: 61