Cross-site scripting in Kibana - CVE-2017-8440

 

Published: June 5, 2017 / Updated: August 8, 2020


Vulnerability identifier: #VU38922
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-8440
CWE-ID: CWE-79
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Elastic Stack
Affected software: Kibana

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.


How to mitigate CVE-2017-8440

Install the update from the vendor's website.
