Vulnerabilities > Elastic > Kibana
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-19 | CVE-2018-3830 | Cross-site Scripting vulnerability in multiple products Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |
| 2018-03-30 | CVE-2018-3821 | Cross-site Scripting vulnerability in Elastic Kibana Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |
| 2018-03-30 | CVE-2018-3820 | Cross-site Scripting vulnerability in Elastic Kibana 6.1.1/6.1.2 Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |
| 2018-03-30 | CVE-2018-3819 | Open Redirect vulnerability in Elastic Kibana The fix in Kibana for ESA-2017-23 was incomplete. | 6.1 |
| 2018-03-30 | CVE-2018-3818 | Cross-site Scripting vulnerability in Elastic Kibana Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |
| 2017-12-08 | CVE-2017-11482 | Open Redirect vulnerability in Elastic Kibana The Kibana fix for CVE-2017-8451 was found to be incomplete. | 6.1 |
| 2017-12-08 | CVE-2017-11481 | Cross-site Scripting vulnerability in Elastic Kibana Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |
| 2017-09-29 | CVE-2017-11479 | Cross-site Scripting vulnerability in multiple products Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |
| 2017-06-30 | CVE-2017-8443 | Information Exposure vulnerability in Elastic Kibana In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. | 6.5 |
| 2017-06-16 | CVE-2017-8452 | Uncontrolled File Descriptor Consumption vulnerability in Elastic Kibana Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes. | 7.5 |