Product:

Kibana

(Elastic)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 57
Date Id Summary Products Score Patch Annotated
2017-06-16 CVE-2016-10364 With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions. Kibana 6.5
2017-06-16 CVE-2016-1000220 Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers. Kibana 6.1
2017-06-16 CVE-2016-1000219 Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield. Kibana 7.5
2017-06-16 CVE-2015-9056 Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack. Kibana 6.1
2015-06-15 CVE-2015-4093 Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Kibana N/A
2019-03-25 CVE-2019-7608 Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. Kibana 6.1
2019-03-25 CVE-2019-7610 Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. Kibana 9.0