Elastic

Kibana

120 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.89%
  • Veröffentlicht 30.03.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:06:05

Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

  • EPSS 0.85%
  • Veröffentlicht 30.03.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:06:05

The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary ...

  • EPSS 0.69%
  • Veröffentlicht 30.03.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:06:05

Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

  • EPSS 0.74%
  • Veröffentlicht 30.03.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:06:06

Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other K...

  • EPSS 0.84%
  • Veröffentlicht 08.12.2017 18:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

  • EPSS 0.74%
  • Veröffentlicht 08.12.2017 18:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitr...

  • EPSS 1.07%
  • Veröffentlicht 29.09.2017 01:34:48
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

  • EPSS 1.1%
  • Veröffentlicht 30.06.2017 19:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear ...

  • EPSS 0.83%
  • Veröffentlicht 16.06.2017 21:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack.

  • EPSS 2.04%
  • Veröffentlicht 16.06.2017 21:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form...