Description

Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Remediation

References

https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683

Related Vulnerabilities

CVE-2020-11023 Vulnerability in npm package jquery

CVE-2012-0394 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2023-24446 Vulnerability in maven package org.jenkins-ci.plugins:openid

CVE-2021-32050 Vulnerability in npm package mongodb

CVE-2019-10378 Vulnerability in maven package org.jenkins-ci.plugins:testlink

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory