Description

Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Remediation

References

https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952

https://www.elastic.co/blog/kibana-5-4-1-and-5-3-3-released

https://www.elastic.co/community/security

Related Vulnerabilities

CVE-2020-8203 Vulnerability in maven package org.webjars.bowergithub.lodash:lodash

CVE-2021-22132 Vulnerability in maven package org.elasticsearch:elasticsearch

CVE-2023-0481 Vulnerability in maven package io.quarkus.resteasy.reactive:resteasy-reactive-common

CVE-2022-38369 Vulnerability in maven package org.apache.iotdb:iotdb-server

CVE-2017-2602 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Mitigation Vendor Advisory Release Notes