HomePentest-Tools.com Logo

Elastic Kibana CVE-2018-3821 Cross-Site Scripting (XSS) Vulnerability (Windows)

Severity
CVSSv3 Score
6.1
Vulnerability description

Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability.

Risk description

The flaw is due to a bug in the labs visualization. The vulnerability could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Recommendation

Users should update to Kibana version 6.1.3 or 5.6.7. There are no known workarounds for this issue.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Mar 30, 2018
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available