CVE-2021-22142
MEDIUMKibana 7.0.0-7.12.1 - Authenticated Remote Code Execution via Reporting Feature Chromium Embed
Title source: llmDescription
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content.
References (2)
Core 2
Core References
Vendor Advisory
https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964/1
Vendor Advisory
https://www.elastic.co/community/security
Scores
CVSS v3
6.6
EPSS
0.0047
EPSS Percentile
64.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-1104
Status
published
Products (1)
elastic/kibana
7.0.0 - 7.13.0
Published
Nov 22, 2023
Tracked Since
Feb 18, 2026