Description

Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Remediation

References

https://discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-6-security-update/115763

http://www.securityfocus.com/bid/102734

Related Vulnerabilities

CVE-2022-43405 Vulnerability in maven package io.jenkins.plugins:pipeline-groovy-lib

CVE-2019-10087 Vulnerability in maven package org.apache.jspwiki:jspwiki-war

CVE-2021-31811 Vulnerability in maven package org.apache.pdfbox:pdfbox

CVE-2023-25164 Vulnerability in npm package @tinacms/cli

CVE-2019-10083 Vulnerability in maven package org.apache.nifi:nifi-web

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory Third Party Advisory VDB Entry