Description

Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Remediation

References

https://www.elastic.co/community/security

https://www.elastic.co/blog/kibana-5-4-1-and-5-3-3-released

https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952

Related Vulnerabilities

CVE-2019-14837 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2013-2160 Vulnerability in maven package org.apache.cxf:cxf-parent

CVE-2018-1000143 Vulnerability in maven package org.jenkins-ci.plugins:ghprb

CVE-2014-3612 Vulnerability in maven package org.apache.activemq:activemq-jaas

CVE-2022-34785 Vulnerability in maven package org.jenkins-ci.plugins:build-metrics

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory Release Notes Mitigation