Vulnerabilities > Elastic > Kibana > 7.7.1

DATE CVE VULNERABILITY TITLE RISK
2022-03-03 CVE-2022-23709 Missing Authorization vulnerability in Elastic Kibana
A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules.
network
low complexity
elastic CWE-862
4.3
2022-02-11 CVE-2022-23707 Cross-site Scripting vulnerability in Elastic Kibana
An XSS vulnerability was found in Kibana index patterns.
network
low complexity
elastic CWE-79
5.4
2021-05-13 CVE-2021-22136 Insufficient Session Expiration vulnerability in Elastic Kibana
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected.
low complexity
elastic CWE-613
3.5
2021-05-13 CVE-2021-22139 Resource Exhaustion vulnerability in Elastic Kibana
Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size.
network
low complexity
elastic CWE-400
6.5