kibana

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Browser based analytics and search dashboard for Elasticsearch
Version	7.10.1-1 [community]

Open

Group	Affected	Fixed	Severity	Status	Ticket
AVG-1570	7.10.1-1		High	Vulnerable

Issue	Group	Severity	Remote	Type	Description
CVE-2020-26296	AVG-1570	High	Yes	Cross-site scripting	The Kibana “Vega” visualization type is susceptible to both stored and reflected cross-site scripting (XSS) via a vulnerable version of the Vega library....

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-1210	7.8.0-1	7.9.1-1	High	Fixed
AVG-911	6.6.0-2	6.6.1-1	High	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2020-7017	AVG-1210	High	Yes	Content spoofing	In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region...
CVE-2020-7016	AVG-1210	Medium	Yes	Denial of service	Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana...
CVE-2019-7610	AVG-911	High	Yes	Arbitrary code execution	Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting...
CVE-2019-7609	AVG-911	High	Yes	Arbitrary code execution	Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion...
CVE-2019-7608	AVG-911	High	Yes	Information disclosure	Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from, or...

Advisories

Date	Advisory	Group	Severity	Type
25 Feb 2019	ASA-201902-26	AVG-911	High	multiple issues