CVE-2021-22142 log

Source
Severity Medium
Remote Yes
Type Insufficient validation
Description
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content. All versions of Kibana after 7.0.0 and before 7.13.0 are affected.
Group Package Affected Fixed Severity Status Ticket
AVG-1570 kibana 7.10.2-1 Medium Vulnerable FS#70038
References
https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964