Description

Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Remediation

References

https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683

Related Vulnerabilities

CVE-2022-34815 Vulnerability in maven package org.jenkins-ci.plugins:rrod

CVE-2016-3722 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2019-1003010 Vulnerability in maven package org.jenkins-ci.plugins:git

CVE-2022-41934 Vulnerability in maven package org.xwiki.platform:xwiki-platform-menu-ui

CVE-2007-6433 Vulnerability in maven package org.jboss.seam:jboss-seam

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory