CVE-2020-7017

Published: 27 Jul 2020
Source: redhat
CVSS3: 6.7
EPSS: Low

Description

In Kibana versions before 6.8.11 and 7.8.1 the region map visualization contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization.

A stored Cross-site scripting (XSS) flaw was found in the region map visualization in kibana. This flaw allows an attacker who can edit or create a region map visualization to obtain sensitive information or perform destructive actions on behalf of kibana users who view the region map visualization. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.

Report

In Red Hat OpenShift Container Platform (RHOCP) the affected kibana region map visualization is behind OpenShift OAuth authentication. This restricts access to the vulnerable visualization to authenticated users only, therefore the impact is Low. Red Hat OpenShift Container Platform 4 delivers the kibana package where the region map visualization is included, but due to the code changing to the container first content, the kibana package is marked as wontfix. This may be fixed in the future.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat OpenShift Container Platform 3.11 | kibana | Fix deferred | | |
| Red Hat OpenShift Container Platform 4 | kibana | Will not fix | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-kibana6 | Fix deferred | | |


Additional information

Status: Moderate
Defect: CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1865760 kibana: stored XSS in region map visualization

EPSS: 0.01201 (Low), percentile: 79%

CVSS3: 6.7 Medium

Related vulnerabilities

CVSS3: 6.7
nvd
more than 5 years ago

In Kibana versions before 6.8.11 and 7.8.1 the region map visualization contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization.

CVSS3: 6.7
debian
more than 5 years ago

In Kibana versions before 6.8.11 and 7.8.1 the region map visualizatio ...

CVSS3: 6.7
github
more than 3 years ago

In Kibana versions before 6.8.11 and 7.8.1 the region map visualization contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization.
