Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elastic kibana vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2019-7610
Kibana versions prior to 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly ...
Elastic Kibana
5
CVSSv2
CVE-2018-17245
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an ext...
Elastic Kibana
7.5
CVSSv2
CVE-2018-17246
Kibana versions prior to 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitra...
Elastic Kibana
Redhat Openshift Container Platform 3.11
4 Github repositories
4.3
CVSSv2
CVE-2018-3824
X-Pack Machine Learning versions prior to 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the malicious ...
Elastic Elasticsearch X-pack
Elastic Kibana X-pack
Elastic Logstash X-pack
3.5
CVSSv2
CVE-2018-3823
X-Pack Machine Learning versions prior to 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data as part of their configuration that could allow the malicious user to obtain sensitive informatio...
Elastic Elasticsearch X-pack
Elastic Kibana X-pack
Elastic Logstash X-pack
4.3
CVSSv2
CVE-2018-3818
Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an malicious user to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Elastic Kibana
5.8
CVSSv2
CVE-2018-3819
The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions prior to 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an malicious user to craft a link that redirects to an arbitrary website.
Elastic Kibana
4.3
CVSSv2
CVE-2018-3820
Kibana versions after 6.1.0 and prior to 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an malicious user to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Elastic Kibana
4.3
CVSSv2
CVE-2018-3821
Kibana versions after 5.1.1 and prior to 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an malicious user to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Elastic Kibana
4.3
CVSSv2
CVE-2017-11481
Kibana versions before 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an malicious user to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Elastic Kibana 6.0.0
Elastic Kibana 5.6.1
Elastic Kibana 5.6.2
Elastic Kibana 5.6.3
Elastic Kibana 5.6.4
Elastic Kibana 5.6.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »