Vulnerabilities > Elastic > Kibana > 7.13.0

DATE CVE VULNERABILITY TITLE RISK
2023-12-13 CVE-2023-46675 Information Exposure Through Log Files vulnerability in Elastic Kibana
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana.
network
low complexity
elastic CWE-532
6.5
2023-11-22 CVE-2021-22150 Code Injection vulnerability in Elastic Kibana
It was discovered that a user with Fleet admin permissions could upload a malicious package.
network
low complexity
elastic CWE-94
7.2
2023-11-22 CVE-2021-22151 Path Traversal vulnerability in Elastic Kibana
It was discovered that Kibana was not validating a user supplied path, which would load .pbf files.
network
low complexity
elastic CWE-22
4.3
2023-02-22 CVE-2022-38779 Open Redirect vulnerability in Elastic Kibana
An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
network
low complexity
elastic CWE-601
6.1
2023-02-08 CVE-2022-38778 Improper Input Validation vulnerability in multiple products
A flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process.
6.5
2022-11-18 CVE-2021-37936 Cross-site Scripting vulnerability in Elastic Kibana
It was discovered that Kibana was not sanitizing document fields containing HTML snippets.
network
low complexity
elastic CWE-79
5.4
2022-07-06 CVE-2022-23713 Cross-site Scripting vulnerability in Elastic Kibana
A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser.
network
elastic CWE-79
4.3
2022-04-21 CVE-2022-23711 Unspecified vulnerability in Elastic Kibana
A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source.
network
low complexity
elastic
5.0
2022-03-03 CVE-2022-23709 Missing Authorization vulnerability in Elastic Kibana
A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules.
network
low complexity
elastic CWE-862
4.0
2022-02-11 CVE-2022-23707 Cross-site Scripting vulnerability in Elastic Kibana
An XSS vulnerability was found in Kibana index patterns.
network
elastic CWE-79
3.5