Kibana exposure
JavaScript graphics, Search engines
Exposure score: 36
Sites using: 3
In exploitation: 1
Critical: 8
CVEs
107 results
CVE-2018-3820 | — | Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attac | EPSS 0.7%
CVE-2023-31422 | CRITICAL | Kibana Insertion of Sensitive Information into Log File | EPSS 0.7%
CVE-2023-46671 | HIGH | Kibana Insertion of Sensitive Information into Log File | EPSS 0.7%
CVE-2019-7621 | — | Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations. An attacke | EPSS 0.7%
CVE-2023-46675 | HIGH | Kibana Insertion of Sensitive Information into Log File | EPSS 0.6%
CVE-2023-31414 | HIGH | Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configurat | EPSS 0.6%
CVE-2021-22141 | MEDIUM | An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could | EPSS 0.5%
CVE-2022-23709 | — | A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privileg | EPSS 0.5%
CVE-2022-23707 | — | An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index pa | EPSS 0.5%
CVE-2022-38779 | — | An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously | EPSS 0.5%
CVE-2024-23446 | MEDIUM | Kibana Broken Access Control issue | EPSS 0.5%
CVE-2021-37936 | MEDIUM | It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ab | EPSS 0.5%
CVE-2021-37939 | — | It was discovered that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which | EPSS 0.4%
CVE-2026-0531 | MEDIUM | Allocation of Resources Without Limits or Throttling in Kibana Fleet | EPSS 0.4%
CVE-2024-37281 | MEDIUM | Kibana Denial of Service issue | EPSS 0.4%
CVE-2024-12556 | HIGH | Kibana Prototype Pollution can lead to code injection | EPSS 0.4%
CVE-2024-43707 | HIGH | Kibana exposure of sensitive information to an unauthorized actor | EPSS 0.4%
CVE-2025-25012 | MEDIUM | Kibana Open Redirect | EPSS 0.4%
CVE-2024-37279 | MEDIUM | Kibana Broken Access Control issue | EPSS 0.4%
CVE-2026-0543 | MEDIUM | Improper Input Validation in Kibana Email Connector Leading to Excessive Allocation | EPSS 0.4%