Lucene search

8 matches found

CVE | added 2023/02/08 9:15 p.m. | 159 views

CVE-2022-38778

A flaw (CVE-2022-38900) was discovered in one of Kibana’s third-party dependencies that could allow an authenticated user to perform a request that crashes the Kibana server process.

CVSS 6.5 | AI score 6.5 | EPSS 0.00822

CVE | added 2023/05/04 9:15 p.m. | 72 views

CVE-2023-31414

Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system ...

CVSS 8.8 | AI score 9 | EPSS 0.00241

CVE | added 2023/02/22 12:15 a.m. | 65 views

CVE-2022-38779

An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.

CVSS 6.1 | AI score 6.1 | EPSS 0.00153

CVE | added 2023/12/13 7:15 a.m. | 54 views

CVE-2023-46675

An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Account...

CVSS 8 | AI score 7 | EPSS 0.00221

CVE | added 2023/11/22 1:15 a.m. | 52 views

CVE-2021-22151

It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension.

CVSS 4.3 | AI score 4.1 | EPSS 0.00803

CVE | added 2023/12/13 7:15 a.m. | 45 views

CVE-2023-46671

An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibana_system user, API Keys, and cre...

CVSS 8 | AI score 6.9 | EPSS 0.00255

CVE | added 2023/11/22 1:15 a.m. | 39 views

CVE-2021-22150

It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server.

CVSS 7.2 | AI score 6.7 | EPSS 0.00162

CVE | added 2023/11/22 1:15 a.m. | 32 views

CVE-2021-22142

Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct...

CVSS 8.8 | AI score 7.8 | EPSS 0.0047