Elastic

Kibana

120 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.14%
  • Veröffentlicht 28.05.2026 19:40:21
  • Zuletzt bearbeitet 29.05.2026 21:17:18

Improper Neutralization of Input During Web Page Generation (CWE-79) in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup which, when subsequently rendered through an affected Ki...

  • EPSS 0.24%
  • Veröffentlicht 28.05.2026 19:37:38
  • Zuletzt bearbeitet 29.05.2026 21:18:16

Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its int...

  • EPSS 0.25%
  • Veröffentlicht 28.05.2026 19:35:31
  • Zuletzt bearbeitet 29.05.2026 21:17:42

Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to an internal Kibana AP...

  • EPSS 0.22%
  • Veröffentlicht 28.05.2026 19:33:38
  • Zuletzt bearbeitet 29.05.2026 21:20:41

A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to ...

  • EPSS 0.23%
  • Veröffentlicht 08.04.2026 16:47:58
  • Zuletzt bearbeitet 13.04.2026 11:30:33

Server-Side Request Forgery (CWE-918) in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potential...

  • EPSS 0.24%
  • Veröffentlicht 08.04.2026 16:46:02
  • Zuletzt bearbeitet 13.04.2026 18:21:25

Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large i...

  • EPSS 0.18%
  • Veröffentlicht 08.04.2026 16:43:30
  • Zuletzt bearbeitet 21.04.2026 17:51:24

Incorrect Authorization (CWE-863) in Kibana can lead to cross-space information disclosure via Privilege Abuse (CAPEC-122). A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces t...

  • EPSS 0.28%
  • Veröffentlicht 08.04.2026 16:41:27
  • Zuletzt bearbeitet 22.04.2026 16:44:08

Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse (CAPEC-122). A user with limited Fleet privileges can exploit an internal API endpoint to retrieve sensitive configuration data, including private keys...

  • EPSS 0.3%
  • Veröffentlicht 08.04.2026 16:38:59
  • Zuletzt bearbeitet 13.04.2026 18:22:55

Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse (CAPEC-122). This requires an authenticated Kibana user with Fl...

  • EPSS 0.27%
  • Veröffentlicht 19.03.2026 17:14:31
  • Zuletzt bearbeitet 23.03.2026 13:35:49

Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead Denial of Service via Excessive Allocation (CAPEC-130). The vulnerability allows an authenticated user to send a specially crafted T...