CVE-2018-3830
MEDIUM
Kibana 5.3.0-6.4.1 - Cross-Site Scripting via Source Field Formatter
Title source: llm
Description
Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
References (3)
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://discuss.elastic.co/t/elastic-stack-6-4-1-and-5-6-12-security-update/149035
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3537
Vendor Advisory x_refsource_confirm
https://www.elastic.co/community/security
Scores
CVSS v3
6.1
EPSS
0.0071
EPSS Percentile
72.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
elastic/kibana
5.3.0 - 6.4.1
redhat/openshift_container_platform
3.11
Published
Sep 19, 2018
Tracked Since
Feb 18, 2026