CVE-2022-23707

Опубликовано: 03 фев. 2022

Источник: redhat

CVSS3: 8.1

EPSS Низкий

Описание

An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users

A Cross-Site Scripting (XSS) vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permission to create index patterns can inject malicious javascript into the index pattern, which could execute against other users.

Затронутые пакеты

Платформа	Пакет	Состояние
Logging Subsystem for Red Hat OpenShift	openshift-logging/elasticsearch-rhel8-operator	Will not fix
Logging Subsystem for Red Hat OpenShift	openshift-logging/kibana6-rhel8	Will not fix
Red Hat JBoss Fuse 6	Kibana	Out of support scope
Red Hat JBoss Fuse Service Works 6	Kibana	Out of support scope
Red Hat OpenShift Container Platform 3.11	kibana	Will not fix
Red Hat OpenShift Container Platform 3.11	openshift3/ose-logging-kibana5	Will not fix
Red Hat OpenShift Container Platform 4	openshift4/ose-elasticsearch-operator	Will not fix
Red Hat OpenShift Container Platform 4	openshift4/ose-logging-kibana6	Will not fix
Red Hat OpenStack Platform 13 (Queens)	puppet-kibana3	Out of support scope
Red Hat OpenStack Platform 16.1	puppet-kibana3	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=2051419Kibana: Cross-site scripting issue (ESA-2022-01)

EPSS

Процентиль: 62%

0.00436

Низкий

8.1 High

CVSS3

Связанные уязвимости

CVE-2022-23707

CVSS3: 5.4

nvd

почти 4 года назад

CVE-2022-23707

CVSS3: 5.4

debian

почти 4 года назад

An XSS vulnerability was found in Kibana index patterns. Using this vu ...

GHSA-xj4h-2rjf-hh84

github

почти 4 года назад

EPSS

Процентиль: 62%

0.00436

Низкий

8.1 High

CVSS3