7.12.0

DATE	CVE	VULNERABILITY TITLE	RISK
2022-07-06	CVE-2022-23713	Cross-site Scripting vulnerability in Elastic Kibana A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser. network low complexity elastic CWE-79	6.1
2022-04-21	CVE-2022-23711	Unspecified vulnerability in Elastic Kibana A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. network low complexity elastic	5.3
2022-03-03	CVE-2022-23709	Missing Authorization vulnerability in Elastic Kibana A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. network low complexity elastic CWE-862	4.3
2022-02-11	CVE-2022-23707	Cross-site Scripting vulnerability in Elastic Kibana An XSS vulnerability was found in Kibana index patterns. network low complexity elastic CWE-79	5.4
2021-11-18	CVE-2021-37938	Path Traversal vulnerability in Elastic Kibana It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. network low complexity elastic CWE-22	4.3
2021-11-18	CVE-2021-37939	Cleartext Transmission of Sensitive Information vulnerability in Elastic Kibana It was discovered that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. network low complexity elastic CWE-319	2.7
2021-05-13	CVE-2021-22139	Resource Exhaustion vulnerability in Elastic Kibana Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size. network low complexity elastic CWE-400	6.5