Vulnerabilities > CVE-2021-22136 - Insufficient Session Expiration vulnerability in Elastic Kibana

CVSS 3.5 - LOW

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

low complexity

elastic

CWE-613

NVD

Published: 2021-05-13

Updated: 2021-05-21

Summary

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session from timing out.

Vulnerable Configurations

Part	Description	Count
Application	Elastic Elastic Kibana 7.0.0 Elastic Kibana 7.0.1 Elastic Kibana 7.1.0 Elastic Kibana 7.1.1 Elastic Kibana 7.2.0 Elastic Kibana 7.2.1 Elastic Kibana 7.3.0 Elastic Kibana 7.3.1 Elastic Kibana 7.3.2 Elastic Kibana 7.3.3 Elastic Kibana 7.3.4 Elastic Kibana 7.3.5 Elastic Kibana 7.3.6 Elastic Kibana 7.4.0 Elastic Kibana 7.4.1 Elastic Kibana 7.4.2 Elastic Kibana 7.5.0 Elastic Kibana 7.5.1 Elastic Kibana 7.5.2 Elastic Kibana 7.6.0 Elastic Kibana 7.6.1 Elastic Kibana 7.6.2 Elastic Kibana 7.7.0 Elastic Kibana 7.7.1 Elastic Kibana 7.8.0 Elastic Kibana 7.8.1 Elastic Kibana 7.9.0 Elastic Kibana 7.9.1 Elastic Kibana 7.9.2 Elastic Kibana 7.9.3 Elastic Kibana 7.10.0 Elastic Kibana 7.10.1 Elastic Kibana 7.10.2 Elastic Kibana 7.11.0 Elastic Kibana 7.11.1 Elastic Kibana 7.11.2 Elastic Kibana - Elastic Kibana 0.4.0 Elastic Kibana 0.5.0 Elastic Kibana 0.5.1 Elastic Kibana 0.6.0 Elastic Kibana 0.7.0 Elastic Kibana 0.7.1 Elastic Kibana 0.8.0 Elastic Kibana 0.9.0 Elastic Kibana 0.10.0 Elastic Kibana 0.11.0 Elastic Kibana 0.12.0 Elastic Kibana 0.12.1 Elastic Kibana 0.13.0 Elastic Kibana 0.13.1 Elastic Kibana 0.14.0 Elastic Kibana 0.14.1 Elastic Kibana 0.14.2 Elastic Kibana 0.14.3 Elastic Kibana 0.14.4 Elastic Kibana 0.15.0 Elastic Kibana 0.15.1 Elastic Kibana 0.15.2 Elastic Kibana 0.16.0 Elastic Kibana 0.16.1 Elastic Kibana 0.16.2 Elastic Kibana 0.16.3 Elastic Kibana 0.16.4 Elastic Kibana 0.16.5 Elastic Kibana 0.17.0 Elastic Kibana 0.17.1 Elastic Kibana 0.17.2 Elastic Kibana 0.17.3 Elastic Kibana 0.17.4 Elastic Kibana 0.17.5 Elastic Kibana 0.17.6 Elastic Kibana 0.17.7 Elastic Kibana 0.17.8 Elastic Kibana 0.17.9 Elastic Kibana 0.17.10 Elastic Kibana 0.18.0 Elastic Kibana 0.18.1 Elastic Kibana 0.18.2 Elastic Kibana 0.18.3 Elastic Kibana 0.18.4 Elastic Kibana 0.18.5 Elastic Kibana 0.18.6 Elastic Kibana 0.18.7 Elastic Kibana 0.19.0 Elastic Kibana 0.19.1 Elastic Kibana 0.19.2 Elastic Kibana 0.19.3 Elastic Kibana 0.19.4 Elastic Kibana 0.19.5 Elastic Kibana 0.19.6 Elastic Kibana 0.19.7 Elastic Kibana 0.19.8 Elastic Kibana 0.19.9 Elastic Kibana 0.19.10 Elastic Kibana 0.19.11 Elastic Kibana 0.19.12 Elastic Kibana 0.20.0 Elastic Kibana 0.20.1 Elastic Kibana 0.20.2 Elastic Kibana 0.20.3 Elastic Kibana 0.20.4 Elastic Kibana 0.20.5 Elastic Kibana 0.20.6 Elastic Kibana 0.90.0 Elastic Kibana 0.90.1 Elastic Kibana 0.90.2 Elastic Kibana 0.90.3 Elastic Kibana 0.90.4 Elastic Kibana 0.90.5 Elastic Kibana 0.90.6 Elastic Kibana 0.90.7 Elastic Kibana 0.90.8 Elastic Kibana 0.90.9 Elastic Kibana 0.90.10 Elastic Kibana 0.90.11 Elastic Kibana 0.90.12 Elastic Kibana 0.90.13 Elastic Kibana 1.0.0 Elastic Kibana 1.0.1 Elastic Kibana 1.0.2 Elastic Kibana 1.0.3 Elastic Kibana 1.1.0 Elastic Kibana 1.1.1 Elastic Kibana 1.1.2 Elastic Kibana 1.2.0 Elastic Kibana 1.2.1 Elastic Kibana 1.2.2 Elastic Kibana 1.2.3 Elastic Kibana 1.2.4 Elastic Kibana 1.3.0 Elastic Kibana 1.3.1 Elastic Kibana 1.3.2 Elastic Kibana 1.3.3 Elastic Kibana 1.3.4 Elastic Kibana 1.3.5 Elastic Kibana 1.3.6 Elastic Kibana 1.3.7 Elastic Kibana 1.3.8 Elastic Kibana 1.3.9 Elastic Kibana 1.4.0 Elastic Kibana 1.4.1 Elastic Kibana 1.4.2 Elastic Kibana 1.4.3 Elastic Kibana 1.4.4 Elastic Kibana 1.4.5 Elastic Kibana 1.5.0 Elastic Kibana 1.5.1 Elastic Kibana 1.5.2 Elastic Kibana 1.6.0 Elastic Kibana 1.6.1 Elastic Kibana 1.6.2 Elastic Kibana 1.7.0 Elastic Kibana 1.7.1 Elastic Kibana 1.7.2 Elastic Kibana 1.7.3 Elastic Kibana 1.7.4 Elastic Kibana 1.7.5 Elastic Kibana 1.7.6 Elastic Kibana 2.0.0 Elastic Kibana 2.0.1 Elastic Kibana 2.0.2 Elastic Kibana 2.1.0 Elastic Kibana 2.1.1 Elastic Kibana 2.1.2 Elastic Kibana 2.2.0 Elastic Kibana 2.2.1 Elastic Kibana 2.2.2 Elastic Kibana 2.3.0 Elastic Kibana 2.3.1 Elastic Kibana 2.3.2 Elastic Kibana 2.3.3 Elastic Kibana 2.3.4 Elastic Kibana 2.3.5 Elastic Kibana 2.4.0 Elastic Kibana 2.4.1 Elastic Kibana 2.4.2 Elastic Kibana 2.4.3 Elastic Kibana 2.4.4 Elastic Kibana 2.4.5 Elastic Kibana 2.4.6 Elastic Kibana 3.0.0 Elastic Kibana 3.0.1 Elastic Kibana 3.1.0 Elastic Kibana 3.1.1 Elastic Kibana 3.1.2 Elastic Kibana 3.1.3 Elastic Kibana 4.0.0 Elastic Kibana 4.0.1 Elastic Kibana 4.0.2 Elastic Kibana 4.0.3 Elastic Kibana 4.1.0 Elastic Kibana 4.1.1 Elastic Kibana 4.1.2 Elastic Kibana 4.1.3 Elastic Kibana 4.1.4 Elastic Kibana 4.1.5 Elastic Kibana 4.1.6 Elastic Kibana 4.1.7 Elastic Kibana 4.1.8 Elastic Kibana 4.1.9 Elastic Kibana 4.1.10 Elastic Kibana 4.1.11 Elastic Kibana 4.2.0 Elastic Kibana 4.2.1 Elastic Kibana 4.2.2 Elastic Kibana 4.3.0 Elastic Kibana 4.3.1 Elastic Kibana 4.3.2 Elastic Kibana 4.3.3 Elastic Kibana 4.4.0 Elastic Kibana 4.4.1 Elastic Kibana 4.4.2 Elastic Kibana 4.5.0 Elastic Kibana 4.5.1 Elastic Kibana 4.5.2 Elastic Kibana 4.5.3 Elastic Kibana 4.5.4 Elastic Kibana 4.6.0 Elastic Kibana 4.6.1 Elastic Kibana 4.6.2 Elastic Kibana 4.6.3 Elastic Kibana 4.6.4 Elastic Kibana 4.6.5 Elastic Kibana 4.6.6 Elastic Kibana 4.7 Elastic Kibana 5.0.0 Elastic Kibana 5.0.1 Elastic Kibana 5.0.2 Elastic Kibana 5.1.1 Elastic Kibana 5.1.2 Elastic Kibana 5.2.0 Elastic Kibana 5.2.1 Elastic Kibana 5.2.2 Elastic Kibana 5.3.0 Elastic Kibana 5.3.1 Elastic Kibana 5.3.2 Elastic Kibana 5.3.3 Elastic Kibana 5.4.0 Elastic Kibana 5.4.1 Elastic Kibana 5.4.2 Elastic Kibana 5.4.3 Elastic Kibana 5.5.0 Elastic Kibana 5.5.1 Elastic Kibana 5.5.2 Elastic Kibana 5.5.3 Elastic Kibana 5.6.0 Elastic Kibana 5.6.1 Elastic Kibana 5.6.2 Elastic Kibana 5.6.3 Elastic Kibana 5.6.4 Elastic Kibana 5.6.5 Elastic Kibana 5.6.6 Elastic Kibana 5.6.7 Elastic Kibana 5.6.8 Elastic Kibana 5.6.9 Elastic Kibana 5.6.10 Elastic Kibana 5.6.11 Elastic Kibana 5.6.12 Elastic Kibana 5.6.13 Elastic Kibana 5.6.14 Elastic Kibana 5.6.15 Elastic Kibana 5.6.16 Elastic Kibana 6.0.0 Elastic Kibana 6.0.1 Elastic Kibana 6.1.0 Elastic Kibana 6.1.1 Elastic Kibana 6.1.2 Elastic Kibana 6.1.3 Elastic Kibana 6.1.4 Elastic Kibana 6.2.0 Elastic Kibana 6.2.1 Elastic Kibana 6.2.2 Elastic Kibana 6.2.3 Elastic Kibana 6.2.4 Elastic Kibana 6.3.0 Elastic Kibana 6.3.1 Elastic Kibana 6.3.2 Elastic Kibana 6.4.0 Elastic Kibana 6.4.1 Elastic Kibana 6.4.2 Elastic Kibana 6.4.3 Elastic Kibana 6.5.0 Elastic Kibana 6.5.1 Elastic Kibana 6.5.2 Elastic Kibana 6.5.3 Elastic Kibana 6.5.4 Elastic Kibana 6.6.0 Elastic Kibana 6.6.1 Elastic Kibana 6.6.2 Elastic Kibana 6.7.0 Elastic Kibana 6.7.1 Elastic Kibana 6.7.2 Elastic Kibana 6.8.0 Elastic Kibana 6.8.1 Elastic Kibana 6.8.2 Elastic Kibana 6.8.3 Elastic Kibana 6.8.4 Elastic Kibana 6.8.5 Elastic Kibana 6.8.6 Elastic Kibana 6.8.7 Elastic Kibana 6.8.8 Elastic Kibana 6.8.9 Elastic Kibana 6.8.10 Elastic Kibana 6.8.11	349

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125