Vulnerabilities > Elastic > Kibana
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-02 | CVE-2020-10743 | Improperly Implemented Security Check for Standard vulnerability in multiple products It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. | 4.3 |
| 2021-05-13 | CVE-2021-22136 | Insufficient Session Expiration vulnerability in Elastic Kibana In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. | 3.6 |
| 2021-05-13 | CVE-2021-22139 | Resource Exhaustion vulnerability in Elastic Kibana Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size. | 4.0 |
| 2020-12-02 | CVE-2020-27816 | Open Redirect vulnerability in multiple products The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana console) to different one, created based on the new CR for the new kibana resource. | 5.8 |
| 2020-06-03 | CVE-2020-7015 | Cross-site Scripting vulnerability in Elastic Kibana Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. | 3.5 |
| 2020-06-03 | CVE-2020-7013 | Code Injection vulnerability in multiple products Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. | 6.5 |
| 2020-06-03 | CVE-2020-7012 | Code Injection vulnerability in Elastic Kibana Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. | 6.5 |
| 2019-12-18 | CVE-2019-7621 | Cross-site Scripting vulnerability in Elastic Kibana Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations. | 3.5 |
| 2019-10-01 | CVE-2019-7618 | Path Traversal vulnerability in Elastic Kibana 7.3.0/7.3.1/7.3.2 A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. | 3.5 |
| 2019-07-30 | CVE-2019-7616 | Server-Side Request Forgery (SSRF) vulnerability in Elastic Kibana Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. | 4.9 |