Description
Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
References (3)
Issue Tracking, Vendor Advisory (x_refsource_misc): https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2019/10/24/1
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2019/10/29/3
Scores
CVSS v3: 6.1
EPSS: 0.0029
EPSS Percentile: 52.7%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE: CWE-79
Status: published
Products (22)
elastic/kibana 5.0.0
elastic/kibana 5.0.1
elastic/kibana 5.0.2
elastic/kibana 5.1.1
elastic/kibana 5.1.2
elastic/kibana 5.2.0
elastic/kibana 5.2.1
elastic/kibana 5.2.2
elastic/kibana 5.3.0
elastic/kibana 5.3.1
... and 12 more
Published: Sep 29, 2017
Tracked Since: Feb 18, 2026