Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Kibana
(Elastic)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 60 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-11-18 | CVE-2021-22141 | An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary website. | Kibana | 6.1 | ||
| 2022-11-18 | CVE-2021-37936 | It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would be rendered for the user. | Kibana | 5.4 | ||
| 2019-03-25 | CVE-2019-7609 | Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. | Kibana, Openshift_container_platform | 10.0 | ||
| 2024-06-13 | CVE-2024-37279 | A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries. | Kibana | 4.3 |