EIQ-2018-0022

ID

EIQ-2018-0022

CVE

CVE-2018-3830

Description

Cross-site scripting (XSS) vulnerability in Kibana

Date

-

Severity

2 - MEDIUM

CVSSv3 score

6.1

Status

✅ 2.3.3

Assessment

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter.

This could allow an attacker to obtain sensitive information from, or perform destructive actions on behalf of, other Kibana users.

Mitigation

Upgrade the ELK stack to 5.6.14.

Affected versions

2.3.2 and earlier.

Notes

-