EIQ-2018-0021
| ID | EIQ-2018-0021 |
|---|---|
| CVE | |
| Description | Cross-site scripting (XSS) vulnerability in Kibana |
| Date | - |
| Severity | 4 - CRITICAL |
| CVSSv3 score | 9.8 |
| Status | ✅ 2.3.3 |
| Assessment | Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources, plaintext credentials are included in the HTTP request that could be recovered by an external resource provider. |
| Mitigation | Upgrade the ELK stack to 5.6.14. |
| Affected versions | 2.3.2 and earlier. |
| Notes | - |