Bitnami package
kibana
pkg:bitnami/kibana
Vulnerabilities (46)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-37281 | — | >= 7.0.0, < 7.17.23 | 7.17.23 | Jul 30, 2024 | An issue was discovered in Kibana where a user with Viewer role could cause a Kibana instance to crash by sending a large number of maliciously crafted requests to a specific endpoint. | ||
| CVE-2024-23443 | — | < 8.14.0 | 8.14.0 | Jun 19, 2024 | A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery pack. | ||
| CVE-2024-23442 | — | < 7.17.22 | 7.17.22 | Jun 14, 2024 | An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. | ||
| CVE-2024-37279 | — | >= 8.6.3, < 8.14.0 | 8.14.0 | Jun 13, 2024 | A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries. | ||
| CVE-2020-7017 | — | < 6.8.11 | 6.8.11 | Jul 27, 2020 | In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the reg | ||
| CVE-2020-7016 | — | < 6.8.11 | 6.8.11 | Jul 27, 2020 | Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive. |
- CVE-2024-37281Jul 30, 2024affected >= 7.0.0, < 7.17.23fixed 7.17.23
An issue was discovered in Kibana where a user with Viewer role could cause a Kibana instance to crash by sending a large number of maliciously crafted requests to a specific endpoint.
- CVE-2024-23443Jun 19, 2024affected < 8.14.0fixed 8.14.0
A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery pack.
- CVE-2024-23442Jun 14, 2024affected < 7.17.22fixed 7.17.22
An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
- CVE-2024-37279Jun 13, 2024affected >= 8.6.3, < 8.14.0fixed 8.14.0
A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries.
- CVE-2020-7017Jul 27, 2020affected < 6.8.11fixed 6.8.11
In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the reg
- CVE-2020-7016Jul 27, 2020affected < 6.8.11fixed 6.8.11
Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.
Page 3 of 3