AVG-1570 log

Package kibana
Status Vulnerable
Severity High
Type multiple issues
Affected 7.10.1-1
Fixed Unknown
Current 7.10.1-1 [community]
Ticket FS#70038
Created Mon Feb 15 14:08:57 2021
Issue Severity Remote Type Description
CVE-2021-22142 Medium Yes Insufficient validation
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions...
CVE-2021-22141 Medium Yes Open redirect
An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana...
CVE-2021-22139 Medium Yes Denial of service
A denial of service vulnerability was found in the Kibana webhook actions due to a lack of timeout or a limit on the request size. An attacker with...
CVE-2021-22136 Medium Yes Incorrect calculation
A flaw in Kibana versions before 7.12.0 and 6.8.15 was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was...
CVE-2020-26296 High Yes Cross-site scripting
The Kibana “Vega” visualization type is susceptible to both stored and reflected cross-site scripting (XSS) via a vulnerable version of the Vega library....