Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kibana vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2019-7609
Kibana versions prior to 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing ...
Elastic Kibana
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
16 Github repositories
3.5
CVSSv2
CVE-2018-3823
X-Pack Machine Learning versions prior to 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data as part of their configuration that could allow the malicious user to obtain sensitive informatio...
Elastic Elasticsearch X-pack
Elastic Kibana X-pack
Elastic Logstash X-pack
4.3
CVSSv2
CVE-2018-3824
X-Pack Machine Learning versions prior to 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the malicious ...
Elastic Elasticsearch X-pack
Elastic Kibana X-pack
Elastic Logstash X-pack
2.1
CVSSv2
CVE-2020-7016
Kibana versions prior to 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.
Elasticsearch Kibana
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Communications Billing And Revenue Management 12.0.0.3.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.7.0
4.6
CVSSv2
CVE-2020-7017
In Kibana versions prior to 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the r...
Elasticsearch Kibana
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Communications Billing And Revenue Management 12.0.0.3.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.7.0
4
CVSSv2
CVE-2021-22139
Kibana versions prior to 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size. An attacker with permissions to create webhook actions could drain the Kibana host connection pool, making Kibana un...
5.8
CVSSv2
CVE-2019-13422
Search Guard Kibana Plugin versions prior to 5.6.8-7 and prior to 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login.
Search-guard Search Guard
6.5
CVSSv2
CVE-2019-13423
Search Guard Kibana Plugin versions prior to 5.6.8-7 and prior to 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a) Kibana is configured to use Sing...
Search-guard Search Guard
4.3
CVSSv2
CVE-2018-20698
The floragunn Search Guard plugin prior to 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set.
Search-guard Search Guard
3.6
CVSSv2
CVE-2021-22136
In Kibana versions prior to 7.12.0 and 6.8.15 a flaw in the session timeout exists where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a us...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »