kibana
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Browser based analytics and search dashboard for Elasticsearch |
| Version |
7.8.0-1 [community-testing] 7.7.0-1 [community] |
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1210 | 7.8.0-1 | High | Vulnerable |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-7017 | AVG-1210 | High | Yes | Content spoofing | In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region... |
| CVE-2020-7016 | AVG-1210 | Medium | Yes | Denial of service | Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana... |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-911 | 6.6.0-2 | 6.6.1-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2019-7610 | AVG-911 | High | Yes | Arbitrary code execution | Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting... |
| CVE-2019-7609 | AVG-911 | High | Yes | Arbitrary code execution | Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion... |
| CVE-2019-7608 | AVG-911 | High | Yes | Information disclosure | Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from, or... |
Advisories
| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 25 Feb 2019 | ASA-201902-26 | AVG-911 | High | multiple issues |