Vulnerabilities > CVE-2021-22136 - Insufficient Session Expiration vulnerability in Elastic Kibana

047910
CVSS 3.6 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
local
low complexity
elastic
CWE-613

Summary

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session from timing out.

Vulnerable Configurations

Part Description Count
Application
Elastic
344

Common Weakness Enumeration (CWE)