Vulnerabilities > Elastic > Kibana
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-07 | CVE-2024-23446 | Unspecified vulnerability in Elastic Kibana An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. | 6.5 |
| 2023-12-13 | CVE-2023-46671 | Information Exposure Through Log Files vulnerability in Elastic Kibana An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. | 6.5 |
| 2023-12-13 | CVE-2023-46675 | Information Exposure Through Log Files vulnerability in Elastic Kibana An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. | 6.5 |
| 2023-11-22 | CVE-2021-22142 | Unspecified vulnerability in Elastic Kibana Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. | 8.8 |
| 2023-11-22 | CVE-2021-22150 | Code Injection vulnerability in Elastic Kibana It was discovered that a user with Fleet admin permissions could upload a malicious package. | 7.2 |
| 2023-11-22 | CVE-2021-22151 | Path Traversal vulnerability in Elastic Kibana It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. | 4.3 |
| 2023-10-26 | CVE-2023-31422 | Information Exposure Through Log Files vulnerability in Elastic Kibana 8.10.0 An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. | 7.5 |
| 2023-05-04 | CVE-2023-31414 | Code Injection vulnerability in Elastic Kibana Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. | 8.8 |
| 2023-05-04 | CVE-2023-31415 | Code Injection vulnerability in Elastic Kibana 8.7.0 Kibana version 8.7.0 contains an arbitrary code execution flaw. | 8.8 |
| 2023-02-22 | CVE-2022-38779 | Open Redirect vulnerability in Elastic Kibana An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. | 6.1 |