Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-22151

Опубликовано: 22 нояб. 2023
Источник: nvd
CVSS3: 3.1
CVSS3: 4.3
EPSS Низкий

Описание

It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
Версия от 7.9.0 (включая) до 7.14.0 (включая)

EPSS

Процентиль: 69%
0.00592
Низкий

3.1 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-22
CWE-22

Связанные уязвимости

debian логотип

CVE-2021-22151

CVSS3: 3.1
debian
около 2 лет назад

It was discovered that Kibana was not validating a user supplied path, ...

github логотип

GHSA-rj62-3vmp-2f6j

CVSS3: 3.1
github
около 2 лет назад

It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension.

EPSS

Процентиль: 69%
0.00592
Низкий

3.1 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-22
CWE-22