Description

Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Remediation

References

https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952

https://www.elastic.co/blog/kibana-5-4-1-and-5-3-3-released

https://www.elastic.co/community/security

Related Vulnerabilities

CVE-2022-34193 Vulnerability in maven package org.lilicurroad.jenkins:packageversion

CVE-2018-15801 Vulnerability in maven package org.springframework.security:spring-security-oauth2-jose

CVE-2017-1000006 Vulnerability in maven package org.webjars.bowergithub.plotly:plotly.js

CVE-2019-10349 Vulnerability in maven package org.jenkins-ci.plugins:depgraph-view

CVE-2016-2175 Vulnerability in maven package org.apache.pdfbox:jempbox

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Mitigation Vendor Advisory Release Notes