Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elastic kibana - vulnerabilities and exploits
(subscribe to this query)
3.6
CVSSv2
CVE-2021-22136
In Kibana versions prior to 7.12.0 and 6.8.15 a flaw in the session timeout exists where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a us...
Elastic Kibana
4
CVSSv2
CVE-2021-22139
Kibana versions prior to 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size. An attacker with permissions to create webhook actions could drain the Kibana host connection pool, making Kibana un...
Elastic Kibana
NA
CVE-2021-22142
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnera...
Elastic Kibana
NA
CVE-2021-22151
It exists that Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension.
Elastic Kibana
NA
CVE-2023-46675
An issue exists by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may cont...
Elastic Kibana
4
CVSSv2
CVE-2021-37938
It exists that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension. Thanks to Domin...
Elastic Kibana
3.5
CVSSv2
CVE-2022-23707
An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users
Elastic Kibana
4.3
CVSSv2
CVE-2018-3818
Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an malicious user to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Elastic Kibana
5.8
CVSSv2
CVE-2018-3819
The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions prior to 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an malicious user to craft a link that redirects to an arbitrary website.
Elastic Kibana
4.3
CVSSv2
CVE-2018-3820
Kibana versions after 6.1.0 and prior to 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an malicious user to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Elastic Kibana
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »