Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elastic kibana vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-7608
Kibana versions prior to 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an malicious user to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Elastic Kibana
9.8
CVSSv3
CVE-2018-17246
Kibana versions prior to 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitra...
Elastic Kibana
Redhat Openshift Container Platform 3.11
4 Github repositories
9.8
CVSSv3
CVE-2018-17245
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an ext...
Elastic Kibana
5.4
CVSSv3
CVE-2018-3823
X-Pack Machine Learning versions prior to 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data as part of their configuration that could allow the malicious user to obtain sensitive informatio...
Elastic Elasticsearch X-pack
Elastic Kibana X-pack
Elastic Logstash X-pack
6.1
CVSSv3
CVE-2018-3824
X-Pack Machine Learning versions prior to 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the malicious ...
Elastic Elasticsearch X-pack
Elastic Kibana X-pack
Elastic Logstash X-pack
6.1
CVSSv3
CVE-2018-3818
Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an malicious user to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Elastic Kibana
6.1
CVSSv3
CVE-2018-3819
The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions prior to 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an malicious user to craft a link that redirects to an arbitrary website.
Elastic Kibana
6.1
CVSSv3
CVE-2018-3820
Kibana versions after 6.1.0 and prior to 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an malicious user to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Elastic Kibana
6.1
CVSSv3
CVE-2018-3821
Kibana versions after 5.1.1 and prior to 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an malicious user to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Elastic Kibana
6.1
CVSSv3
CVE-2017-11481
Kibana versions before 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an malicious user to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Elastic Kibana 6.0.0
Elastic Kibana 5.6.1
Elastic Kibana 5.6.2
Elastic Kibana 5.6.3
Elastic Kibana 5.6.4
Elastic Kibana 5.6.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »