Description

Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Remediation

References

https://discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-6-security-update/115763

http://www.securityfocus.com/bid/102734

Related Vulnerabilities

CVE-2022-31160 Vulnerability in maven package org.webjars.npm:jquery-ui

CVE-2022-38723 Vulnerability in maven package io.gravitee.apim.rest.api:gravitee-apim-rest-api-service

CVE-2023-29526 Vulnerability in maven package org.xwiki.platform:xwiki-platform-rendering-async-api

CVE-2016-4468 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-server

CVE-2022-4725 Vulnerability in maven package com.amazonaws:aws-android-sdk-core

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory Third Party Advisory VDB Entry