AVG-1570 log

Package kibana
Status Vulnerable
Severity Medium
Type multiple issues
Affected 7.10.2-1
Fixed Unknown
Current 7.10.2-1 [community]
Ticket FS#70038
Created Mon Feb 15 14:08:57 2021
Issue Severity Remote Type Description
CVE-2021-37936 Medium Yes Content spoofing
A security issue has been found in kibana before version 7.14.1. It was discovered that kibana was not sanitizing document fields containing html snippets....
CVE-2021-22151 Medium Yes Directory traversal
A security issue has been found in kibana before version 7.14.1. It was discovered that Kibana was not validating a user supplied path, which would load...
CVE-2021-22150 Medium Yes Arbitrary code execution
A security issue has been found in kibana before version 7.14.1. It was discovered that a user with fleet admin permissions could upload a malicious...
CVE-2021-22142 Medium Yes Insufficient validation
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions...
CVE-2021-22141 Medium Yes Open redirect
An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana...
CVE-2021-22139 Medium Yes Denial of service
A denial of service vulnerability was found in the Kibana webhook actions due to a lack of timeout or a limit on the request size. An attacker with...
CVE-2021-22136 Medium Yes Incorrect calculation
A flaw in Kibana versions before 7.12.0 and 6.8.15 was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was...