\ CVE-2018-3830 - Cross-Site Scripting (XSS) vulnerability in Elasticsearch and Redhat products | Vumetric Cyber Portal

CVE-2018-3830 - Cross-Site Scripting (XSS) vulnerability in Elasticsearch and Redhat products

Publication

2018-09-19

Last modification

2019-10-09

Summary

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Classification

CWE-79 - Cross-Site Scripting (XSS)

Risk level (CVSS AV:N/AC:M/Au:N/C:N/I:P/A:N)

Medium

4.3

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None