EIQ-2018-0008
ID |
EIQ-2018-0008 (Former ref.: 1801-13) |
CVE |
- |
Description |
Cross-site request forgery (CSRF) enables changes to Kibana |
Date |
- |
Severity |
1 - LOW |
CVSSv3 score |
CVSSv3 score not available on NIST NVD. |
Status |
Planned |
Assessment |
A cross-site request forgery (CSRF) vulnerability was identified in the Kibana third-party dashboard component of the platform. |
Mitigation |
An update to the third party component is planned for a future release. In addition, we are considering a split in the platform between administrative tasks and CTI management, which addresses this issue. If Kibana is not used, it can be turned off. |
Affected versions |
2.7.1 and earlier. |
Notes |
Only users with an admin flag (is_admin=True) have access to Kibana, which exposes only the logs from the platform. |
< Back to all security issues and mitigation actions
In release notes 2.7.1
In release notes 2.8.0