
Elastic Kibana Reporting Vulnerability (ESA-2021-13) CVE-2021-22142

Severity
CVSSv3 Score: 8.8

Vulnerability description

Elastic Kibana is prone to a reporting vulnerability.

Risk description

Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content.

Recommendation

Update to version 7.13.0 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Nov 22, 2023
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available