SB2021052542 - Multiple vulnerabilities in Kibana

Description

This security bulletin contains information about 2 vulnerabilities.

1) Security features bypass (CVE-ID: CVE-2021-22142)

CWE-ID: CWE-254 - Security Features

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. A remote user with permissions to generate reports can render arbitrary HTML with this Chromium browser and try to leverage known Chromium vulnerabilities to conduct further attacks.

2) Open redirect (CVE-ID: CVE-2021-22141)

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information but requires that the victim is authenticated against Kibana instance.

Remediation

Install update from vendor's website.

References

• https://www.elastic.co/community/security#ESA-2021-12
• https://www.elastic.co/community/security#ESA-2021-13