|Description||Browser based analytics and search dashboard for Elasticsearch|
A security issue has been found in Kibana before version 7.14.1. It was discovered that Kibana was not sanitizing document fields containing HTML snippets....
A security issue has been found in Kibana before version 7.14.1. It was discovered that Kibana was not validating a user-supplied path, which would load...
|CVE-2021-22150||AVG-1570||Medium||Yes||Arbitrary code execution||
A security issue has been found in Kibana before version 7.14.1. It was discovered that a user with fleet admin permissions could upload a malicious...
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions...
An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged-in user visits a maliciously crafted URL, it could result in Kibana...
|CVE-2021-22139||AVG-1570||Medium||Yes||Denial of service||
A denial of service vulnerability was found in the Kibana webhook actions due to a lack of timeout or a limit on the request size. An attacker with...
A flaw in Kibana versions before 7.12.0 and 6.8.15 was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was...
The Kibana “Vega” visualization type is susceptible to both stored and reflected cross-site scripting (XSS) via a vulnerable version of the Vega library....
In Kibana versions before 6.8.11 and 7.8.1, the region map visualization contains a stored XSS flaw. An attacker who is able to edit or create a region...
|CVE-2020-7016||AVG-1210||Medium||Yes||Denial of service||
Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana...
|CVE-2019-7610||AVG-911||High||Yes||Arbitrary code execution||
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting...
|CVE-2019-7609||AVG-911||High||Yes||Arbitrary code execution||
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion...
Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from, or...
|25 Feb 2019||ASA-201902-26||AVG-911||High||multiple issues|