Description

Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Remediation

References

https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683

Related Vulnerabilities

CVE-2023-48219 Vulnerability in npm package tinymce

CVE-2022-33980 Vulnerability in maven package org.apache.commons:commons-configuration2

CVE-2016-0714 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2022-38370 Vulnerability in maven package org.apache.iotdb:iotdb-grafana-connector

CVE-2023-40028 Vulnerability in npm package ghost

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory