Описание
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content.
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses. An attacker potentially is able to leverage known Chromium vulnerabilities to conduct further attacks.
Отчет
The kibana reporting feature is part of the X-Pack features [1]. In OpenShift Container Platform (OCP) the kibana components have X-Pack security features disabled by default. The X-Pack plugin can be used only in the enterprise version [2] [3]. Hence the open source version is unaffected by this vulnerability. [1] https://www.elastic.co/guide/en/kibana/current/reporting-getting-started.html [2] https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-xpack.html [3] https://www.elastic.co/subscriptions
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Not affected | ||
| Red Hat OpenShift Container Platform 3.11 | kibana | Not affected | ||
| Red Hat OpenShift Container Platform 4 | kibana | Not affected | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-kibana6 | Not affected |
Показывать по
Дополнительная информация
Статус:
6.6 Medium
CVSS3
Связанные уязвимости
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content.
Kibana contains an embedded version of the Chromium browser that the R ...
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content.
6.6 Medium
CVSS3