Description

Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Remediation

References

http://www.securityfocus.com/bid/102734

https://discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-6-security-update/115763

Related Vulnerabilities

CVE-2020-2229 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2014-7810 Vulnerability in maven package org.apache.tomcat:tomcat-el-api

CVE-2021-23484 Vulnerability in npm package zip-local

CVE-2014-3600 Vulnerability in maven package org.apache.activemq:apache-activemq

CVE-2019-0188 Vulnerability in maven package org.apache.camel:camel-xmljson

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory VDB Entry Vendor Advisory