Vulnerabilities > Elastic > Kibana > 8.1.2

DATE CVE VULNERABILITY TITLE RISK
2024-02-07 CVE-2024-23446 Unspecified vulnerability in Elastic Kibana
An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices.
network
low complexity
elastic
6.5
2023-12-13 CVE-2023-46671 Information Exposure Through Log Files vulnerability in Elastic Kibana
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error.
network
low complexity
elastic CWE-532
6.5
2023-12-13 CVE-2023-46675 Information Exposure Through Log Files vulnerability in Elastic Kibana
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana.
network
low complexity
elastic CWE-532
6.5
2023-05-04 CVE-2023-31414 Code Injection vulnerability in Elastic Kibana
Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw.
network
low complexity
elastic CWE-94
8.8
2023-02-22 CVE-2022-38779 Open Redirect vulnerability in Elastic Kibana
An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
network
low complexity
elastic CWE-601
6.1
2023-02-08 CVE-2022-38778 Improper Input Validation vulnerability in multiple products
A flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process.
6.5
2022-07-06 CVE-2022-23713 Cross-site Scripting vulnerability in Elastic Kibana
A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser.
network
elastic CWE-79
4.3