VYPR

Kibana

by Elastic

npm: kibana

Source repositories

CVEs (115)

  • CVE-2021-37938Nov 18, 2021
    risk 0.00cvss epss 0.01

    It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension. Thanks…

  • CVE-2021-22139May 13, 2021
    risk 0.00cvss epss 0.01

    Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size. An attacker with permissions to create webhook actions could drain the Kibana host connection pool, making Kibana…

  • CVE-2021-22136May 13, 2021
    risk 0.00cvss epss 0.00

    In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions,…

  • CVE-2020-27816Dec 2, 2020
    risk 0.00cvss epss 0.01

    The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana console) to different one, created based on the new CR for the new kibana resource.…

  • CVE-2020-7016Jul 27, 2020
    risk 0.00cvss epss 0.01

    Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.

  • CVE-2020-7017Jul 27, 2020
    risk 0.00cvss epss 0.01

    In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the…

  • CVE-2020-7015Jun 3, 2020
    risk 0.00cvss epss 0.01

    Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users…

  • CVE-2020-7013Jun 3, 2020
    risk 0.00cvss epss 0.02

    Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code…

  • CVE-2019-7621Dec 18, 2019
    risk 0.00cvss epss 0.01

    Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations. An attacker with the ability to create coordinate map visualizations could create a malicious visualization. If another Kibana user views that…

  • CVE-2019-7616Jul 30, 2019
    risk 0.00cvss epss 0.02

    Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite.url configuration option to an arbitrary URL. This could…

  • CVE-2019-7610Mar 25, 2019
    risk 0.00cvss epss 0.04

    Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly…

  • CVE-2019-7608Mar 25, 2019
    risk 0.00cvss epss 0.01

    Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

  • CVE-2018-17245Dec 20, 2018
    risk 0.00cvss epss 0.01

    Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an…

  • CVE-2015-8131Dec 7, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Elasticsearch Kibana before 4.1.3 and 4.2.x before 4.2.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2015-4093Jun 15, 2015
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Page 6 of 6