Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Kibana
(Elastic)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 57 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-12-08 | CVE-2017-11481 | Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | Kibana | 6.1 | ||
| 2017-09-29 | CVE-2017-11479 | Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | Kibana, Kibana | 6.1 | ||
| 2017-06-16 | CVE-2016-10366 | Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (XSS) attack. | Kibana | 6.1 | ||
| 2017-06-16 | CVE-2016-10364 | With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions. | Kibana | 6.5 | ||
| 2017-06-16 | CVE-2016-1000220 | Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers. | Kibana | 6.1 | ||
| 2017-06-16 | CVE-2016-1000219 | Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield. | Kibana | 7.5 | ||
| 2017-06-16 | CVE-2015-9056 | Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack. | Kibana | 6.1 | ||
| 2015-06-15 | CVE-2015-4093 | Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Kibana | N/A | ||
| 2019-03-25 | CVE-2019-7608 | Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | Kibana | 6.1 | ||
| 2019-03-25 | CVE-2019-7610 | Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. | Kibana | 9.0 |