\ CVE-2018-3818 - Cross-Site Scripting (XSS) vulnerability in Elasticsearch Kibana | Vumetric Cyber Portal

CVE-2018-3818 - Cross-Site Scripting (XSS) vulnerability in Elasticsearch Kibana

Publication

2018-03-30

Last modification

2019-10-09

Summary

Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Classification

CWE-79 - Cross-Site Scripting (XSS)

Risk level (CVSS AV:N/AC:M/Au:N/C:N/I:P/A:N)

Medium

4.3

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products