
CVE-2020-7016

Published: 27 Jul. 2020
Source: redhat
CVSS3: 4.8

Description

Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.

A flaw was found in kibana’s Timelion component. This flaw allows an attacker to construct a URL that can lead to the kibana process consuming large amounts of CPU and becoming unresponsive when viewed by a kibana user. The highest threat from this vulnerability is to system availability.

Report

In Red Hat OpenShift Container Platform (RHOCP), the affected kibana component is behind OpenShift OAuth authentication. This restricts access to the vulnerable Timelion kibana component to authenticated users only, therefore the impact is Low. Red Hat OpenShift Container Platform 4 delivers the kibana package where the Timelion tool is used, but due to the code changing to the container first content, the kibana package is marked as wontfix. This may be fixed in the future.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | kibana | Fix deferred | | |
| Red Hat OpenShift Container Platform 4 | kibana | Will not fix | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-kibana6 | Fix deferred | | |


Additional information

Status: Low
Defect: CWE-400
CVSS3: 4.8 Medium

Related vulnerabilities

CVSS3: 4.8
nvd
more than 5 years ago

Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.

CVSS3: 4.8
debian
more than 5 years ago

Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (D ...

CVSS3: 4.8
github
more than 3 years ago

Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.
