kibana

Description: Browser based analytics and search dashboard for Elasticsearch
Version: 7.8.0-1 [community-testing], 7.7.0-1 [community]

Open

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1210 | 7.8.0-1 | | High | Vulnerable | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-7017 | AVG-1210 | High | Yes | Content spoofing | In Kibana versions before 6.8.11 and 7.8.1 the region map visualization contains a stored XSS flaw. An attacker who is able to edit or create a region... |
| CVE-2020-7016 | AVG-1210 | Medium | Yes | Denial of service | Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana... |

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-911 | 6.6.0-2 | 6.6.1-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2019-7610 | AVG-911 | High | Yes | Arbitrary code execution | Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting... |
| CVE-2019-7609 | AVG-911 | High | Yes | Arbitrary code execution | Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion... |
| CVE-2019-7608 | AVG-911 | High | Yes | Information disclosure | Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from, or... |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 25 Feb 2019 | ASA-201902-26 | AVG-911 | High | multiple issues |