Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elastic kibana vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2021-37938
It exists that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension. Thanks to Domin...
Elastic Kibana
356
VMScore
CVE-2021-37939
It exists that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. Using this vulnerability, a malicious user with the ability to create connectors, could uti...
Elastic Kibana
312
VMScore
CVE-2020-7015
Kibana versions prior to 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the malicious user to obtain sensitive information from, or perform destructive actions, on behalf of Kibana u...
Elastic Kibana
NA
CVE-2021-22142
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnera...
Elastic Kibana
NA
CVE-2021-22150
It exists that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an malicious user to execute commands on the Kibana server.
Elastic Kibana
NA
CVE-2021-22151
It exists that Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension.
Elastic Kibana
516
VMScore
CVE-2018-3819
The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions prior to 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an malicious user to craft a link that redirects to an arbitrary website.
Elastic Kibana
383
VMScore
CVE-2018-3820
Kibana versions after 6.1.0 and prior to 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an malicious user to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Elastic Kibana
383
VMScore
CVE-2018-3821
Kibana versions after 5.1.1 and prior to 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an malicious user to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Elastic Kibana
NA
CVE-2021-22141
An open redirect flaw was found in Kibana versions prior to 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary website.
Elastic Kibana
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
hard-coded
CVE-2024-27202
NULL pointer dereference
CVE-2024-28075
CVE-2024-33608
CVE-2024-28889
CVE-2024-34572
template injection
CVE-2024-34351
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »