Description

Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Remediation

References

https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683

Related Vulnerabilities

CVE-2019-10301 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-plugin

CVE-2020-11022 Vulnerability in npm package jquery

CVE-2023-34454 Vulnerability in maven package org.xerial.snappy:snappy-java

CVE-2020-13445 Vulnerability in maven package com.liferay:com.liferay.portal.template.velocity

CVE-2021-25646 Vulnerability in maven package org.apache.druid:druid-core

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory