Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
ElasticKibana

3 matches found

CVE
CVEadded 2023/11/22 1:15 a.m.52 views

CVE-2021-22151

It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension.

4.3CVSS4.1AI score0.00803EPSS
CVE
CVEadded 2023/11/22 1:15 a.m.39 views

CVE-2021-22150

It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server.

7.2CVSS6.7AI score0.00162EPSS
CVE
CVEadded 2023/11/22 1:15 a.m.32 views

CVE-2021-22142

Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct...

8.8CVSS7.8AI score0.0047EPSS