Vulnerabilities > Elastic > Kibana > 7.3.0

DATE CVE VULNERABILITY TITLE RISK
2023-11-22 CVE-2021-22142 Unspecified vulnerability in Elastic Kibana
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports.
network
low complexity
elastic
8.8
2023-02-22 CVE-2022-38779 Open Redirect vulnerability in Elastic Kibana
An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
network
low complexity
elastic CWE-601
6.1
2023-02-08 CVE-2022-38778 Improper Input Validation vulnerability in multiple products
A flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process.
6.5
2022-11-18 CVE-2021-22141 Open Redirect vulnerability in Elastic Kibana
An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16.
network
low complexity
elastic CWE-601
6.1
2022-11-18 CVE-2021-37936 Cross-site Scripting vulnerability in Elastic Kibana
It was discovered that Kibana was not sanitizing document fields containing HTML snippets.
network
low complexity
elastic CWE-79
5.4
2022-07-06 CVE-2022-23713 Cross-site Scripting vulnerability in Elastic Kibana
A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser.
network
elastic CWE-79
4.3
2022-04-21 CVE-2022-23711 Unspecified vulnerability in Elastic Kibana
A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source.
network
low complexity
elastic
5.0
2021-05-13 CVE-2021-22136 Insufficient Session Expiration vulnerability in Elastic Kibana
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected.
local
low complexity
elastic CWE-613
3.6
2021-05-13 CVE-2021-22139 Resource Exhaustion vulnerability in Elastic Kibana
Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size.
network
low complexity
elastic CWE-400
4.0
2020-06-03 CVE-2020-7015 Cross-site Scripting vulnerability in Elastic Kibana
Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization.
network
elastic CWE-79
3.5