Description

Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Remediation

References

http://www.securityfocus.com/bid/102734

https://discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-6-security-update/115763

Related Vulnerabilities

CVE-2021-21342 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2021-39153 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2022-31170 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts-upgradeable

CVE-2021-23378 Vulnerability in npm package picotts

CVE-2021-43841 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory VDB Entry Vendor Advisory