CVE-2018-3830

Опубликовано: 19 сент. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Ссылки

https://access.redhat.com/errata/RHSA-2018:3537
Third Party Advisory
https://discuss.elastic.co/t/elastic-stack-6-4-1-and-5-6-12-security-update/149035
Release Notes
Vendor Advisory
https://www.elastic.co/community/security
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:3537
Third Party Advisory
https://discuss.elastic.co/t/elastic-stack-6-4-1-and-5-6-12-security-update/149035
Release Notes
Vendor Advisory
https://www.elastic.co/community/security
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*

Версия от 5.3.0 (включая) до 6.4.1 (включая)

Конфигурация 2

cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00507

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2018-3830

CVSS3: 8

redhat

больше 7 лет назад

CVE-2018-3830

CVSS3: 6.1

debian

больше 7 лет назад

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulner ...

GHSA-p82g-h4qx-f53f

CVSS3: 6.1

github

больше 3 лет назад

EPSS

Процентиль: 66%

0.00507

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79