EIQ-2018-0022#
ID |
EIQ-2018-0022 |
|---|---|
CVE |
|
Description |
Cross-site scripting (XSS) vulnerability in Kibana |
Date |
- |
Severity |
2 - MEDIUM |
CVSSv3 score |
6.1 |
Status |
✅ 2.3.3 |
Assessment |
Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter. This could allow an attacker to obtain sensitive information from, or perform destructive actions on behalf of other Kibana users. |
Mitigation |
Upgrade the ELK stack to 5.6.14. |
Affected versions |
2.3.2 and earlier. |
Notes |
- |