Kibana Security Vulnerabilities and Issues — Kibana CVE List

Lucene search

ElasticKibana

4 matches found

CVE•added 2018/03/30 8:29 p.m.•55 views

CVE-2018-3819

The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.

6.1CVSS6.1AI score0.00213EPSS

CVE•added 2018/03/30 8:29 p.m.•54 views

CVE-2018-3821

Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

6.1CVSS5.9AI score0.00375EPSS

CVE•added 2018/03/30 8:29 p.m.•50 views

CVE-2018-3820

Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

6.1CVSS6AI score0.00353EPSS

CVE•added 2018/03/30 8:29 p.m.•49 views

CVE-2018-3818

Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

6.1CVSS6AI score0.00353EPSS