---

CVE-2021-22136 - log back

CVE-2021-22136 edited at 23 Mar 2021 18:45:32
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Incorrect calculation
Description	+ A flaw in Kibana versions before 7.12.0 and 6.8.15 was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session from timing out.
References	+ https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125

CVE-2021-22136 created at 23 Mar 2021 18:44:22
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes