Description

Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Remediation

References

https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683

Related Vulnerabilities

CVE-2023-26476 Vulnerability in maven package org.xwiki.platform:xwiki-platform-livetable-ui

CVE-2023-37956 Vulnerability in maven package org.jenkins-ci.plugins:test-results-aggregator

CVE-2022-43430 Vulnerability in maven package com.compuware.jenkins:compuware-topaz-for-total-test

CVE-2019-10174 Vulnerability in maven package org.infinispan:infinispan-commons

CVE-2022-31127 Vulnerability in npm package next-auth

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory