Description

Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Remediation

References

https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683

Related Vulnerabilities

CVE-2021-44521 Vulnerability in maven package org.apache.cassandra:cassandra-all

CVE-2022-45935 Vulnerability in maven package org.apache.james:james-server-protocols-imap4

CVE-2010-3863 Vulnerability in maven package org.apache.shiro:shiro-all

CVE-2014-0072 Vulnerability in npm package cordova-plugin-file-transfer

CVE-2017-1000355 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory