CVE-2018-3818
Published 2018-03-30
Priority: P423 · medium · 6.1 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.89% (54.8th percentile)
Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | kibana | — | — |
| elastic | kibana | 5.1.1 – 6.1.2 | — |
CVSS provenance
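| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_redhat | — | 6.1 | MEDIUM | — |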
GHSA
GHSA-74m8-h6g5-7m87: Kibana versions 5
ghsa_unreviewed · 2022-05-13
CVE-2018-3818 [MEDIUM] CWE-79 GHSA-74m8-h6g5-7m87: Kibana versions 5
Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Red Hat
kibana: Cross-site scripting (XSS) vulnerability via colored fields formatter
vendor_redhat · 2018-01-16 · CVSS 6.1
CVE-2018-3818 [MEDIUM] CWE-79 kibana: Cross-site scripting (XSS) vulnerability via colored fields formatter
Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Statement: This issue affects the versions of kibana as shipped with Red Hat OpenShift Enterprise Linux. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: kibana (Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational Tools) - Not affected
No detection rules found.
No public exploits indexed.
Published: 2018-03-30