| CVE-2021-22142 | Medium | Yes | Insufficient validation | Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions... |
| CVE-2021-22141 | Medium | Yes | Open redirect | An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana... |
| CVE-2021-22139 | Medium | Yes | Denial of service | A denial of service vulnerability was found in the Kibana webhook actions due to a lack of timeout or a limit on the request size. An attacker with... |
| CVE-2021-22136 | Medium | Yes | Incorrect calculation | A flaw in Kibana versions before 7.12.0 and 6.8.15 was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was... |
| CVE-2020-26296 | High | Yes | Cross-site scripting | The Kibana “Vega” visualization type is susceptible to both stored and reflected cross-site scripting (XSS) via a vulnerable version of the Vega library.... |