EIQ-2018-0021
| Field | Value |
|---|---|
| ID | EIQ-2018-0021 |
| CVE | |
| Description | Cross-site scripting (XSS) vulnerability in Kibana |
| Date | - |
| Severity | 4 - CRITICAL |
| CVSSv3 score | 9.8 |
| Status | |
| Assessment | Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources, plaintext credentials are included in the HTTP request and could be recovered by an external resource provider. |
| Mitigation | Upgrade the ELK stack to 5.6.14. |
| Affected versions | 2.3.2 and earlier. |
| Notes | - |
In release notes 2.3.3