Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-26486

Опубликовано: 03 мая 2023
Источник: redhat
CVSS3: 6.1
EPSS Низкий

Описание

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argument group to getScale, which is then used as if it were an internal context. The context.scales[name].value is accessed from group and called as a function back in scale. This can be exploited to escape the Vega expression sandbox in order to execute arbitrary JavaScript. This issue has been fixed in version 5.13.1.

A flaw was found in one of Kibana’s dependencies. This flaw allows an attacker to perform Cross-site scripting (XSS) after loading a maliciously crafted custom visualization in Kibana.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Logging Subsystem for Red Hat OpenShiftopenshift-logging/cluster-logging-rhel8-operatorNot affected
Logging Subsystem for Red Hat OpenShiftopenshift-logging/kibana6-rhel8Not affected
Red Hat JBoss Fuse 6kibanaOut of support scope
Red Hat JBoss Fuse Service Works 6kibanaOut of support scope
Red Hat OpenShift Container Platform 3.11kibanaOut of support scope
Red Hat OpenShift Container Platform 3.11openshift3/ose-logging-kibana5Out of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2190192kibana: xss in custom visualizations

EPSS

Процентиль: 42%
0.00195
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2023-26486

CVSS3: 6.5
nvd
почти 3 года назад

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega `scale` expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argument group to getScale, which is then used as if it were an internal context. The context.scales[name].value is accessed from group and called as a function back in scale. This can be exploited to escape the Vega expression sandbox in order to execute arbitrary JavaScript. This issue has been fixed in version 5.13.1.

debian логотип

CVE-2023-26486

CVSS3: 6.5
debian
почти 3 года назад

Vega is a visualization grammar, a declarative format for creating, sa ...

github логотип

GHSA-4vq7-882g-wcg4

CVSS3: 6.1
github
почти 3 года назад

Vega Expression Language `scale` expression function Cross Site Scripting

EPSS

Процентиль: 42%
0.00195
Низкий

6.1 Medium

CVSS3