Description

Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Remediation

References

https://www.elastic.co/community/security

https://www.elastic.co/blog/kibana-5-4-1-and-5-3-3-released

https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952

Related Vulnerabilities

CVE-2018-12545 Vulnerability in maven package org.eclipse.jetty.http2:http2-common

CVE-2022-36900 Vulnerability in maven package com.compuware.jenkins:compuware-zadviser-api

CVE-2020-6541 Vulnerability in npm package electron

CVE-2023-35151 Vulnerability in maven package org.xwiki.platform:xwiki-platform-rest-server

CVE-2023-50730 Vulnerability in maven package edu.gemini:gsp-graphql-core_2.13

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory Release Notes Mitigation