Description

Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Remediation

References

https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683

Related Vulnerabilities

CVE-2022-34791 Vulnerability in maven package io.jenkins.plugins:validating-email-parameter

CVE-2023-45820 Vulnerability in npm package directus

CVE-2012-5887 Vulnerability in maven package tomcat:catalina

CVE-2020-1758 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2020-5410 Vulnerability in maven package org.springframework.cloud:spring-cloud-config-server

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory