CVE-2022-23710

Опубликовано: 28 фев. 2022

Источник: redhat

CVSS3: 6.1

Описание

A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser.

A flaw was found in Kibana’s data preview pane. This issue allows a Cross-Site scripting attack.

Затронутые пакеты

Платформа	Пакет	Состояние
Logging Subsystem for Red Hat OpenShift	openshift-logging/elasticsearch-rhel8-operator	Will not fix
Logging Subsystem for Red Hat OpenShift	openshift-logging/kibana6-rhel8	Will not fix
Red Hat JBoss Fuse 6	Kibana	Out of support scope
Red Hat JBoss Fuse Service Works 6	Kibana	Out of support scope
Red Hat OpenShift Container Platform 3.11	kibana	Will not fix
Red Hat OpenShift Container Platform 3.11	openshift3/ose-logging-kibana5	Will not fix
Red Hat OpenShift Container Platform 4	openshift4/ose-elasticsearch-operator	Fix deferred
Red Hat OpenShift Container Platform 4	openshift4/ose-logging-kibana6	Fix deferred
Red Hat OpenStack Platform 13 (Queens)	puppet-kibana3	Out of support scope
Red Hat OpenStack Platform 16.1	puppet-kibana3	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=2066387kibana: cross-site-scripting (XSS) issue (ESA-2022-04)

6.1 Medium

CVSS3

Связанные уязвимости

CVE-2022-23710

CVSS3: 6.1

nvd

почти 4 года назад

CVE-2022-23710

CVSS3: 6.1

debian

почти 4 года назад

A cross-site-scripting (XSS) vulnerability was discovered in the Data ...

GHSA-m6gg-86c6-gfr9

CVSS3: 6.1

github

почти 4 года назад

Withdrawn: Cross-site Scripting in Kibana

6.1 Medium

CVSS3