Description
A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this privilege could not modify alerting connectors. This effectively means that Read users could disable existing alerting rules.
A flaw was found in Kibana. This issue allows users with read access to the Uptime feature to modify alerting rules, so they can create new rules or overwrite existing ones. However, any rules created this way are not enabled by default, which allows the user to disable an existing, enabled alert rule.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-rhel8-operator | Will not fix | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Will not fix | ||
| Red Hat JBoss Fuse 6 | Kibana | Out of support scope | ||
| Red Hat JBoss Fuse Service Works 6 | Kibana | Out of support scope | ||
| Red Hat OpenShift Container Platform 3.11 | kibana | Will not fix | ||
| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-kibana5 | Will not fix | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-elasticsearch-operator | Fix deferred | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-kibana6 | Fix deferred | ||
| Red Hat OpenStack Platform 13 (Queens) | puppet-kibana3 | Out of support scope | ||
| Red Hat OpenStack Platform 16.1 | puppet-kibana3 | Not affected | ||
Additional information
Status:
EPSS
4.3 Medium
CVSS3