Description

Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Remediation

References

https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952

https://www.elastic.co/blog/kibana-5-4-1-and-5-3-3-released

https://www.elastic.co/community/security

Related Vulnerabilities

CVE-2020-6461 Vulnerability in maven package org.webjars.npm:electron

CVE-2023-6393 Vulnerability in maven package io.quarkus:quarkus-cache

CVE-2017-5641 Vulnerability in maven package org.apache.flex.blazeds:flex-messaging-core

CVE-2023-30535 Vulnerability in maven package net.snowflake:snowflake-jdbc

CVE-2020-13956 Vulnerability in maven package org.apache.httpcomponents.client5:httpclient5

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Mitigation Vendor Advisory Release Notes