Description
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users' sessions, preventing a user session from timing out.
Report
In OpenShift Container Platform (OCP), the Kibana components have X-Pack security features disabled by default. The X-Pack plugin can be used only in an enterprise version [1]. Hence the open source version is unaffected by this vulnerability. [1] https://www.elastic.co/subscriptions
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Not affected | | |
| Red Hat OpenShift Container Platform 3.11 | kibana | Not affected | | |
| Red Hat OpenShift Container Platform 4 | kibana | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-kibana6 | Not affected | | |
Additional information
Status:
4 Medium
CVSS3