EIQ-2018-0008
|
ID |
EIQ-2018-0008 (Former ref.: 1801-13) |
|
CVE |
- |
|
Description |
Cross-site request forgery (CSRF) enables changes to Kibana |
|
Date |
- |
|
Severity |
1 - LOW |
|
CVSSv3 score |
CVSSv3 score not available on NIST NVD. |
|
Status |
Planned |
|
Assessment |
A cross-site request forgery (CSRF) vulnerability was identified in the Kibana third-party dashboard component of the platform. |
|
Mitigation |
An update to the third party component is planned for a future release. In addition, we are considering a split in the platform between administrative tasks and CTI management, which addresses this issue. If Kibana is not used, it can be turned off. |
|
Affected versions |
2.7.1 and earlier. |
|
Notes |
Only users with an admin flag (is_admin=True) have access to Kibana, which exposes only the logs from the platform. |
< Back to all security issues and mitigation actions
In release notes 2.7.1
In release notes 2.8.0