Description
Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Remediation
References
http://www.securityfocus.com/bid/102734
https://discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-6-security-update/115763
Related Vulnerabilities
CVE-2019-20149 Vulnerability in maven package org.webjars.npm:kind-of
CVE-2019-10335 Vulnerability in maven package org.jenkins-ci.plugins:electricflow
CVE-2016-10619 Vulnerability in npm package pennyworth
CVE-2018-1000632 Vulnerability in maven package org.jenkins-ci.dom4j:dom4j
CVE-2020-17510 Vulnerability in maven package org.apache.shiro:shiro-spring-boot-web-starter