Elastic

Kibana

101 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2018-3830

  • EPSS 0.71%
  • Veröffentlicht 19.09.2018 19:29:01
  • Zuletzt bearbeitet 21.11.2024 04:06:07

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

6.1

CVE-2018-3818

  • EPSS 0.38%
  • Veröffentlicht 30.03.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:06:05

Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

6.1

CVE-2018-3819

  • EPSS 0.21%
  • Veröffentlicht 30.03.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:06:05

The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary ...

6.1

CVE-2018-3820

  • EPSS 0.35%
  • Veröffentlicht 30.03.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:06:05

Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

6.1

CVE-2018-3821

  • EPSS 0.38%
  • Veröffentlicht 30.03.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:06:06

Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other K...

6.1

CVE-2017-11481

  • EPSS 0.27%
  • Veröffentlicht 08.12.2017 18:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

6.1

CVE-2017-11482

  • EPSS 0.2%
  • Veröffentlicht 08.12.2017 18:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitr...

6.1

CVE-2017-11479

  • EPSS 0.29%
  • Veröffentlicht 29.09.2017 01:34:48
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

6.5

CVE-2017-8443

  • EPSS 0.35%
  • Veröffentlicht 30.06.2017 19:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear ...

6.1

CVE-2015-9056

  • EPSS 0.29%
  • Veröffentlicht 16.06.2017 21:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack.