EIQ-2019-0013



ID

EIQ-2019-0013

CVE

CVE-2019-7608

Description

Cross-site scripting (XSS) vulnerability in Kibana

Date

12 Mar 2019

Severity

3 - HIGH

CVSSv3 score

CVSSv3 score not available on NIST NVD.

Status

images/s/-u524h5/8501/61630d2d4f75946459caa0b3dbdac9bd6d7a7de4/_/images/icons/emoticons/check.svg 2.3.4

Assessment

Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability.
An attacker could exploit the vulnerability to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Mitigation

Upgrade to Kibana 5.6.15 or 6.6.1.

Affected versions

2.3.3 and earlier.

Notes

-

< Back to all security issues and mitigation actions

In release notes 2.3.4