Vulnerabilities > Elastic > Kibana > 7.14.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-13 | CVE-2024-37287 | Unspecified vulnerability in Elastic Kibana A flaw allowing arbitrary code execution was discovered in Kibana. | 7.2 |
| 2024-06-19 | CVE-2024-23443 | Unspecified vulnerability in Elastic Kibana A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery pack. | 4.9 |
| 2024-06-14 | CVE-2024-23442 | Open Redirect vulnerability in Elastic Kibana An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. | 6.1 |
| 2023-12-13 | CVE-2023-46675 | Information Exposure Through Log Files vulnerability in Elastic Kibana An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. | 6.5 |
| 2023-11-22 | CVE-2021-22150 | Code Injection vulnerability in Elastic Kibana It was discovered that a user with Fleet admin permissions could upload a malicious package. | 7.2 |
| 2023-11-22 | CVE-2021-22151 | Path Traversal vulnerability in Elastic Kibana It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. | 4.3 |
| 2023-02-22 | CVE-2022-38779 | Open Redirect vulnerability in Elastic Kibana An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. | 6.1 |
| 2023-02-08 | CVE-2022-38778 | Improper Input Validation vulnerability in multiple products A flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process. | 6.5 |
| 2022-11-18 | CVE-2021-37936 | Cross-site Scripting vulnerability in Elastic Kibana It was discovered that Kibana was not sanitizing document fields containing HTML snippets. | 5.4 |
| 2022-07-06 | CVE-2022-23713 | Cross-site Scripting vulnerability in Elastic Kibana A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser. | 6.1 |