Moderate severityNVD Advisory· Published Nov 18, 2021· Updated Aug 4, 2024
CVE-2021-37939
CVE-2021-37939
Description
It was discovered that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. Using this vulnerability, a malicious user with the ability to create connectors, could utilize these connectors to view limited HTTP response data on hosts accessible to the cluster.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
kibananpm | >= 7.8.0, < 7.15.2 | 7.15.2 |
Affected products
2Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-hp5f-qqrw-c8gjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-37939ghsaADVISORY
- discuss.elastic.co/t/kibana-7-15-2-security-update/288923ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.