CVSS3: 4.8 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

CVSS2: 2.1 Low
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:H/Au:S/C:N/I:N/A:P
Kibana is vulnerable to denial of service (DoS). The vulnerability exists because Timelion labels could be used to cause slowdowns when parsed through the RegExp object.
discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786
github.com/elastic/kibana/commit/0d7471f74166abbdf95db0f0bb4079883d083dd7
github.com/elastic/kibana/commit/de358b62f8845cebd1cd3530d9ebf123a89b9b1b
www.elastic.co/community/security#ESA-2020-09
www.elastic.co/community/security/
www.oracle.com//security-alerts/cpujul2021.html