Veracode Vulnerability DatabaseVERACODE:25967Denial Of Service (DoS)
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
2.1 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:S/C:N/I:N/A:P
kibana is vulnerable to denial of service (DoS). The vulnerability exists as the timelion labels could be used to cause slowdowns when parsed through the RegExp object.
References
discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786
github.com/elastic/kibana/commit/0d7471f74166abbdf95db0f0bb4079883d083dd7
github.com/elastic/kibana/commit/de358b62f8845cebd1cd3530d9ebf123a89b9b1b
www.elastic.co/community/security#ESA-2020-09
www.elastic.co/community/security/
www.oracle.com//security-alerts/cpujul2021.html
Related
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
2.1 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:S/C:N/I:N/A:P