EIQ-2019-0013#
ID |
EIQ-2019-0013 |
|---|---|
CVE |
|
Description |
Cross-site scripting (XSS) vulnerability in Kibana |
Date |
12 Mar 2019 |
Severity |
3 - HIGH |
CVSSv3 score |
CVSSv3 score not available on NIST NVD. |
Status |
✅ 2.3.4 |
Assessment |
Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability. An attacker could exploit the vulnerability to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. |
Mitigation |
Upgrade to Kibana 5.6.15 or 6.6.1. |
Affected versions |
2.3.3 and earlier. |
Notes |
- |