SB2017092908 - Cross-site scripting in Kibana

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017092908

SB2017092908 - Cross-site scripting in Kibana

Published: September 29, 2017 Updated: August 8, 2020

Security Bulletin ID SB2017092908
Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Cross-site scripting (CVE-ID: CVE-2017-11479)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.


Remediation

Install update from vendor's website.

References