Описание
Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers.
A cross-site scripting (XSS) flaw was found in Kibana. A remote attacker could use this flaw to inject arbitrary web script into pages served to other users.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational Tools | kibana | Not affected | ||
| Red Hat OpenStack Platform 8 (Liberty) Operational Tools | kibana | Not affected | ||
| Red Hat OpenStack Platform 9 (Mitaka) Operational Tools | kibana | Not affected | ||
| Red Hat OpenShift Container Platform 3.2 | kibana | Fixed | RHSA-2016:1836 | 08.09.2016 |
| Red Hat OpenShift Container Platform 3.2 | openshift-elasticsearch-plugin | Fixed | RHSA-2016:1836 | 08.09.2016 |
| Red Hat OpenShift Enterprise 3.1 | kibana | Fixed | RHSA-2016:1836 | 08.09.2016 |
| Red Hat OpenShift Enterprise 3.1 | openshift-elasticsearch-plugin | Fixed | RHSA-2016:1836 | 08.09.2016 |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1364389kibana: XSS vulnerability ESA-2016-03
EPSS
Процентиль: 53%
0.003
Низкий
5.4 Medium
CVSS3
4.3 Medium
CVSS2
Связанные уязвимости
CVSS3: 6.1
nvd
больше 8 лет назад
Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers.
CVSS3: 6.1
debian
больше 8 лет назад
Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that wo ...
CVSS3: 6.1
github
больше 3 лет назад
Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers.
EPSS
Процентиль: 53%
0.003
Низкий
5.4 Medium
CVSS3
4.3 Medium
CVSS2