Description
An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged-in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary website.
An open redirect flaw was found in Kibana. An attacker can redirect a logged-in Kibana user to an arbitrary website using a specially crafted URL.
Report
OpenShift Container Platform (OCP) 4 delivered the kibana package, but since the move to container-first delivery (openshift4/ose-logging-kibana6 since OCP 4.5) the kibana package is no longer maintained and is therefore marked as wontfix.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Fix deferred | | |
| Red Hat OpenShift Container Platform 3.11 | kibana | Fix deferred | | |
| Red Hat OpenShift Container Platform 4 | kibana | Will not fix | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-kibana6 | Fix deferred | | |
Additional information
Status:
EPSS
CVSS3: 4.3 Medium