5.5.1

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-20	CVE-2018-17245	Insufficiently Protected Credentials vulnerability in Elastic Kibana Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. network low complexity elastic CWE-522	5.0
2018-09-19	CVE-2018-3830	Cross-site Scripting vulnerability in multiple products Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. network low complexity elastic redhat CWE-79	6.1
2018-03-30	CVE-2018-3821	Cross-site Scripting vulnerability in Elastic Kibana Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. network low complexity elastic CWE-79	6.1
2018-03-30	CVE-2018-3819	Open Redirect vulnerability in Elastic Kibana The fix in Kibana for ESA-2017-23 was incomplete. network elastic CWE-601	5.8
2018-03-30	CVE-2018-3818	Cross-site Scripting vulnerability in Elastic Kibana Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. network elastic CWE-79	4.3
2017-09-29	CVE-2017-11479	Cross-site Scripting vulnerability in multiple products Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. network elastic elasticsearch CWE-79	4.3