Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kibana vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-38779
An open redirect issue exists in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
Elastic Kibana
5.4
CVSSv3
CVE-2021-37936
It exists that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would ...
Elastic Kibana
4.3
CVSSv3
CVE-2021-37938
It exists that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension. Thanks to Domin...
Elastic Kibana
2.7
CVSSv3
CVE-2021-37939
It exists that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. Using this vulnerability, a malicious user with the ability to create connectors, could uti...
Elastic Kibana
5.4
CVSSv3
CVE-2019-7621
Kibana versions prior to 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations. An attacker with the ability to create coordinate map visualizations could create a malicious visualization. If another Kibana user views that visua...
Elastic Kibana
8.8
CVSSv3
CVE-2023-31414
Kibana versions 8.0.0 up to and including 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitra...
Elastic Kibana
5.4
CVSSv3
CVE-2022-23707
An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users
Elastic Kibana
5.3
CVSSv3
CVE-2022-23711
A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Elastic Stack monitoring features provide a way to keep a pulse on the health and performance of your Elasticsearch cluster. Authentication with a vulnerabl...
Elastic Kibana
6.1
CVSSv3
CVE-2022-23713
A cross-site-scripting (XSS) vulnerability exists in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser.
Elastic Kibana
9
CVSSv3
CVE-2019-7610
Kibana versions prior to 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly ...
Elastic Kibana
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »