Vulnerabilities > Elastic > Kibana > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-18 | CVE-2021-37936 | Cross-site Scripting vulnerability in Elastic Kibana It was discovered that Kibana was not sanitizing document fields containing HTML snippets. | 5.4 |
2022-07-06 | CVE-2022-23713 | Cross-site Scripting vulnerability in Elastic Kibana A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser. | 6.1 |
2022-04-21 | CVE-2022-23711 | Unspecified vulnerability in Elastic Kibana A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. | 5.3 |
2022-03-03 | CVE-2022-23709 | Missing Authorization vulnerability in Elastic Kibana A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. | 4.3 |
2022-03-03 | CVE-2022-23710 | Cross-site Scripting vulnerability in Elastic Kibana A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser. | 6.1 |
2022-02-11 | CVE-2022-23707 | Cross-site Scripting vulnerability in Elastic Kibana An XSS vulnerability was found in Kibana index patterns. | 5.4 |
2021-11-18 | CVE-2021-37938 | Path Traversal vulnerability in Elastic Kibana It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. | 4.3 |
2021-06-02 | CVE-2020-10743 | It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. | 4.3 |
2021-05-13 | CVE-2021-22139 | Resource Exhaustion vulnerability in Elastic Kibana Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size. | 6.5 |
2020-12-02 | CVE-2020-27816 | Open Redirect vulnerability in multiple products The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana console) to different one, created based on the new CR for the new kibana resource. | 6.1 |