Description

Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Remediation

References

https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683

Related Vulnerabilities

CVE-2018-14041 Vulnerability in maven package org.webjars.bowergithub.twbs:bootstrap

CVE-2017-1000395 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2021-41571 Vulnerability in maven package org.apache.pulsar:pulsar

CVE-2017-1000353 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2017-8443 Vulnerability in npm package kibana

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory