Vulnerabilities > Elastic > Kibana > 7.7.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-03 | CVE-2022-23709 | Missing Authorization vulnerability in Elastic Kibana A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. | 4.3 |
| 2022-02-11 | CVE-2022-23707 | Cross-site Scripting vulnerability in Elastic Kibana An XSS vulnerability was found in Kibana index patterns. | 5.4 |
| 2021-05-13 | CVE-2021-22136 | Insufficient Session Expiration vulnerability in Elastic Kibana In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. | 3.5 |
| 2021-05-13 | CVE-2021-22139 | Resource Exhaustion vulnerability in Elastic Kibana Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size. | 6.5 |