Latest Elasticsearch Kibana 5 6 3 Security Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2020-07-27 CVE-2020-7017 Cross-Site Scripting vulnerability in Elasticsearch Kibana
In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw.
3.5
2020-07-27 CVE-2020-7016 Incorrect Comparison vulnerability in Elasticsearch Kibana
Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion.
4.3
2019-12-18 CVE-2019-7621 Cross-Site Scripting vulnerability in Elasticsearch Kibana
Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations.
3.5
2019-07-30 CVE-2019-7616 Server-Side Request Forgery (SSRF) vulnerability in Elasticsearch Kibana
Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer.
4.0
2018-12-20 CVE-2018-17246 Inclusion of Functionality From Untrusted Control Sphere vulnerability in multiple products
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin.
7.5
2018-12-20 CVE-2018-17245 Insufficiently Protected Credentials vulnerability in Elasticsearch Kibana
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports.
5.0
2018-09-19 CVE-2018-3830 Cross-Site Scripting vulnerability in multiple products
Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
4.3
2018-03-30 CVE-2018-3821 Cross-Site Scripting vulnerability in Elasticsearch Kibana
Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
4.3
2018-03-30 CVE-2018-3819 Open Redirect vulnerability in Elasticsearch Kibana
The fix in Kibana for ESA-2017-23 was incomplete.
5.8
2018-03-30 CVE-2018-3818 Cross-Site Scripting vulnerability in Elasticsearch Kibana
Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
4.3