EIQ-2018-0022



ID

EIQ-2018-0022

CVE

CVE-2018-3830

Description

Cross-site scripting (XSS) vulnerability in Kibana

Date

-

Severity

2 - MEDIUM

CVSSv3 score

6.1

Status

images/s/-u524h5/8501/61630d2d4f75946459caa0b3dbdac9bd6d7a7de4/_/images/icons/emoticons/check.svg 2.3.3

Assessment

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter.
This could allow an attacker to obtain sensitive information from, or perform destructive actions on behalf of other Kibana users.

Mitigation

Upgrade the ELK stack to 5.6.14.

Affected versions

2.3.2 and earlier.

Notes

-

< Back to all security issues and mitigation actions

In release notes 2.3.3