Vulnerabilities > Elastic > Kibana > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-18 | CVE-2021-37936 | Cross-site Scripting vulnerability in Elastic Kibana It was discovered that Kibana was not sanitizing document fields containing HTML snippets. | 5.4 |
| 2022-07-06 | CVE-2022-23713 | Cross-site Scripting vulnerability in Elastic Kibana A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser. | 6.1 |
| 2022-04-21 | CVE-2022-23711 | Unspecified vulnerability in Elastic Kibana A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. | 5.3 |
| 2022-03-03 | CVE-2022-23709 | Missing Authorization vulnerability in Elastic Kibana A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. | 4.3 |
| 2022-03-03 | CVE-2022-23710 | Cross-site Scripting vulnerability in Elastic Kibana A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser. | 6.1 |
| 2022-02-11 | CVE-2022-23707 | Cross-site Scripting vulnerability in Elastic Kibana An XSS vulnerability was found in Kibana index patterns. | 5.4 |
| 2021-11-18 | CVE-2021-37938 | Path Traversal vulnerability in Elastic Kibana It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. | 4.3 |
| 2021-06-02 | CVE-2020-10743 | Improperly Implemented Security Check for Standard vulnerability in multiple products It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. | 4.3 |
| 2021-05-13 | CVE-2021-22139 | Resource Exhaustion vulnerability in Elastic Kibana Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size. | 6.5 |
| 2020-12-02 | CVE-2020-27816 | Open Redirect vulnerability in multiple products The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana console) to different one, created based on the new CR for the new kibana resource. | 6.1 |