Kibana Security Vulnerabilities and Issues — Kibana CVE List

Lucene search

ElasticKibana

3 matches found

CVE•added 2020/06/03 6:15 p.m.•83 views

CVE-2020-7013

Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions...

7.2CVSS7.8AI score0.00504EPSS

CVE•added 2020/06/03 6:15 p.m.•67 views

CVE-2020-7012

Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executin...

8.8CVSS8.7AI score0.45801EPSS

CVE•added 2020/06/03 6:15 p.m.•65 views

CVE-2020-7015

Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users who edit the TSVB visu...

5.4CVSS5.8AI score0.00401EPSS