Latest Elasticsearch Kibana 6.0.0 Security Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2019-12-18 CVE-2019-7621 Cross-Site Scripting vulnerability in Elasticsearch Kibana
Kibana versions before 6.8.6 and 7.5.1 contain a cross-site scripting (XSS) flaw in the coordinate and region map visualizations.
Low
2019-07-30 CVE-2019-7616 Server-Side Request Forgery (SSRF) vulnerability in Elasticsearch Kibana
Kibana versions before 6.8.2 and 7.2.1 contain a server-side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer.
Medium
2018-12-20 CVE-2018-17246 Inclusion of Functionality From Untrusted Control Sphere vulnerability in multiple products
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin.
High
2018-12-20 CVE-2018-17245 Insufficiently Protected Credentials vulnerability in Elasticsearch Kibana
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports.
Medium
2018-09-19 CVE-2018-3830 Cross-Site Scripting vulnerability in multiple products
Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Medium
2018-03-30 CVE-2018-3821 Cross-Site Scripting vulnerability in Elasticsearch Kibana
Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Medium
2018-03-30 CVE-2018-3819 Open Redirect vulnerability in Elasticsearch Kibana
The fix in Kibana for ESA-2017-23 was incomplete.
Medium
2018-03-30 CVE-2018-3818 Cross-Site Scripting vulnerability in Elasticsearch Kibana
Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Medium
2017-12-08 CVE-2017-11482 Open Redirect vulnerability in Elasticsearch Kibana
The Kibana fix for CVE-2017-8451 was found to be incomplete.
Medium
2017-12-08 CVE-2017-11481 Cross-Site Scripting vulnerability in Elasticsearch Kibana
Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Medium