Vulnerabilities > Elastic > Kibana > 6.8.9

DATE CVE VULNERABILITY TITLE RISK
2024-06-14 CVE-2024-23442 Open Redirect vulnerability in Elastic Kibana
An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
network
low complexity
elastic CWE-601
6.1
2022-11-18 CVE-2021-22141 Open Redirect vulnerability in Elastic Kibana
An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16.
network
low complexity
elastic CWE-601
6.1
2022-11-18 CVE-2021-37936 Cross-site Scripting vulnerability in Elastic Kibana
It was discovered that Kibana was not sanitizing document fields containing HTML snippets.
network
low complexity
elastic CWE-79
5.4
2021-05-13 CVE-2021-22136 Insufficient Session Expiration vulnerability in Elastic Kibana
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected.
low complexity
elastic CWE-613
3.5
2021-05-13 CVE-2021-22139 Resource Exhaustion vulnerability in Elastic Kibana
Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size.
network
low complexity
elastic CWE-400
6.5
2020-06-03 CVE-2020-7015 Cross-site Scripting vulnerability in Elastic Kibana
Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization.
network
low complexity
elastic CWE-79
5.4