Description

Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Remediation

References

http://www.securityfocus.com/bid/102734

https://discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-6-security-update/115763

Related Vulnerabilities

CVE-2020-2274 Vulnerability in maven package org.jenkins-ci.plugins:elastestv

CVE-2017-2638 Vulnerability in maven package org.infinispan:infinispan-compatibility-mode-it

CVE-2018-6874 Vulnerability in maven package org.webjars.bower:auth0-lock

CVE-2021-27516 Vulnerability in maven package org.webjars.bower:urijs

CVE-2018-6356 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory VDB Entry Vendor Advisory