Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elastic kibana vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-38778
A flaw (CVE-2022-38900) exists in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process.
Elastic Kibana
Decode-uri-component Project Decode-uri-component
5.4
CVSSv3
CVE-2021-37936
It exists that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would ...
Elastic Kibana
6.1
CVSSv3
CVE-2021-22141
An open redirect flaw was found in Kibana versions prior to 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary website.
Elastic Kibana
6.1
CVSSv3
CVE-2022-23713
A cross-site-scripting (XSS) vulnerability exists in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser.
Elastic Kibana
5.3
CVSSv3
CVE-2022-23711
A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Elastic Stack monitoring features provide a way to keep a pulse on the health and performance of your Elasticsearch cluster. Authentication with a vulnerabl...
Elastic Kibana
4.3
CVSSv3
CVE-2022-23709
A flaw exists in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with th...
Elastic Kibana
Elastic Kibana 8.0.0
6.1
CVSSv3
CVE-2022-23710
A cross-site-scripting (XSS) vulnerability exists in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser.
Elastic Kibana
Elastic Kibana 8.0.0
5.4
CVSSv3
CVE-2022-23707
An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users
Elastic Kibana
4.3
CVSSv3
CVE-2021-37938
It exists that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension. Thanks to Domin...
Elastic Kibana
2.7
CVSSv3
CVE-2021-37939
It exists that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. Using this vulnerability, a malicious user with the ability to create connectors, could uti...
Elastic Kibana
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »