Vulnerabilities > Elastic > Kibana > 4.1.1
| Date | CVE | Title | Description | Score |
|---|---|---|---|---|
| 2021-05-13 | CVE-2021-22136 | Insufficient Session Expiration vulnerability in Elastic Kibana | In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. | 3.6 |
| 2021-05-13 | CVE-2021-22139 | Resource Exhaustion vulnerability in Elastic Kibana | Kibana versions before 7.12.1 contain a denial of service vulnerability in the webhook actions due to a lack of timeout or a limit on the request size. | 4.0 |
| 2020-12-02 | CVE-2020-27816 | Open Redirect vulnerability in multiple products | The elasticsearch-operator does not validate the namespace where the kibana logging resource is created, and because of that it is possible to replace the original openshift-logging console link (kibana console) with a different one, created based on the new CR for the new kibana resource. | 5.8 |
| 2020-06-03 | CVE-2020-7015 | Cross-Site Scripting vulnerability in Elastic Kibana | Kibana versions before 6.8.9 and 7.7.0 contain a stored XSS flaw in the TSVB visualization. | 3.5 |
| 2020-06-03 | CVE-2020-7013 | Code Injection vulnerability in multiple products | Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. | 6.5 |
| 2019-12-18 | CVE-2019-7621 | Cross-Site Scripting vulnerability in Elastic Kibana | Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations. | 3.5 |
| 2019-07-30 | CVE-2019-7616 | Server-Side Request Forgery (SSRF) vulnerability in Elastic Kibana | Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. | 4.0 |
| 2019-03-25 | CVE-2019-7609 | Code Injection vulnerability in multiple products | Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. | 10.0 |
| 2018-12-20 | CVE-2018-17245 | Insufficiently Protected Credentials vulnerability in Elastic Kibana | Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. | 5.0 |
| 2018-03-30 | CVE-2018-3819 | Open Redirect vulnerability in Elastic Kibana | The fix in Kibana for ESA-2017-23 was incomplete. | 5.8 |