Описание
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session from timing out.
Уязвимые конфигурации
Одно из
EPSS
3.5 Low
CVSS3
3.6 Low
CVSS2
Дефекты
Связанные уязвимости
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session from timing out.
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session time ...
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session from timing out.
EPSS
3.5 Low
CVSS3
3.6 Low
CVSS2