| CVE-2021-37936 |
Medium |
Yes |
Content spoofing |
A security issue has been found in kibana before version 7.14.1. It was discovered that kibana was not sanitizing document fields containing html snippets.... |
| CVE-2021-22151 |
Medium |
Yes |
Directory traversal |
A security issue has been found in kibana before version 7.14.1. It was discovered that Kibana was not validating a user supplied path, which would load... |
| CVE-2021-22150 |
Medium |
Yes |
Arbitrary code execution |
A security issue has been found in kibana before version 7.14.1. It was discovered that a user with fleet admin permissions could upload a malicious... |
| CVE-2021-22142 |
Medium |
Yes |
Insufficient validation |
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions... |
| CVE-2021-22141 |
Medium |
Yes |
Open redirect |
An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana... |
| CVE-2021-22139 |
Medium |
Yes |
Denial of service |
A denial of service vulnerability was found in the Kibana webhook actions due to a lack of timeout or a limit on the request size. An attacker with... |
| CVE-2021-22136 |
Medium |
Yes |
Incorrect calculation |
A flaw in Kibana versions before 7.12.0 and 6.8.15 was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was... |