Exposição de Kibana
JavaScript graphics, Search engines36
score de exposição
3
sites usam
1
em exploração
8
críticos
CVEs
107 resultadosCVE-2021-22142MEDIUMKibana Reporting vulnerabilitiesEPSS 1.0%CVE-2021-22139—Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limitEPSS 1.0%CVE-2017-8440—Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtainEPSS 1.0%CVE-2017-8439—Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. This bug could allow an attacker toEPSS 1.0%CVE-2023-31415CRITICALKibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send EPSS 1.0%CVE-2016-10366—Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (XSS) attack.EPSS 0.9%CVE-2018-3818—Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow anEPSS 0.9%CVE-2022-38778MEDIUMA flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a requEPSS 0.9%CVE-2022-23711—A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Elastic Stack moEPSS 0.9%CVE-2018-3819—The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirectEPSS 0.9%CVE-2017-11481—Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtaiEPSS 0.8%CVE-2015-9056—Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack.EPSS 0.8%CVE-2020-7015—Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVEPSS 0.8%CVE-2022-23710—A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which coEPSS 0.7%CVE-2017-11482—The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open rediEPSS 0.7%CVE-2018-3821—Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that coEPSS 0.7%CVE-2020-10743—It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercEPSS 0.7%CVE-2021-22151LOWKibana path traversal issueEPSS 0.7%CVE-2021-37938—It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf fileEPSS 0.7%CVE-2022-23713—A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to beEPSS 0.7%
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →