VYPR
Unrated severityNVD Advisory· Published Apr 21, 2022· Updated Aug 3, 2024

CVE-2022-23711

CVE-2022-23711

Description

A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Elastic Stack monitoring features provide a way to keep a pulse on the health and performance of your Elasticsearch cluster. Authentication with a vulnerable Kibana instance is not required to view the exposed information. The Elastic Stack monitoring exposure only impacts users that have set any of the optional monitoring.ui.elasticsearch.* settings in order to configure Kibana as a remote UI for Elastic Stack Monitoring. The same vulnerability in Kibana could expose other non-sensitive application-internal information in the page source.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Elastic/Kibanallm-fuzzy2 versions
    <7.17.3, <8.1.3+ 1 more
    • (no CPE)range: <7.17.3, <8.1.3
    • (no CPE)range: Versions 7.2.1 through 7.17.2 & 8.0.0 through 8.1.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.