Description
A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Elastic Stack monitoring features provide a way to keep a pulse on the health and performance of your Elasticsearch cluster. Authentication with a vulnerable Kibana instance is not required to view the exposed information. The Elastic Stack monitoring exposure only impacts users that have set any of the optional monitoring.ui.elasticsearch.* settings in order to configure Kibana as a remote UI for Elastic Stack Monitoring. The same vulnerability in Kibana could expose other non-sensitive application-internal information in the page source.
A flaw was found in Kibana that could result in an attacker exposing sensitive information related to Elastic Stack monitoring in the Kibana page source, if a user has set the optional monitoring.ui.elasticsearch.* settings. This could result in a loss of confidentiality and integrity.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-rhel8-operator | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Not affected | ||
| Red Hat JBoss Fuse 6 | Kibana | Out of support scope | ||
| Red Hat JBoss Fuse Service Works 6 | Kibana | Out of support scope | ||
| Red Hat OpenShift Container Platform 3.11 | kibana | Not affected | ||
| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-kibana5 | Not affected | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-elasticsearch-operator | Not affected | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-kibana6 | Not affected | ||
| Red Hat OpenStack Platform 13 (Queens) | puppet-kibana3 | Not affected | ||
| Red Hat OpenStack Platform 16.1 | puppet-kibana3 | Not affected | ||
Additional information
Status:
8.2 High
CVSS3
Related vulnerabilities
An information disclosure vulnerability in the Kibana data visualization service that allows an attacker to disclose protected information
8.2 High
CVSS3