CVE-2018-3820Cross-site Scripting in Kibana

CWE-79Cross-site Scripting6 documents6 sources
Severity
6.1MEDIUMNVD
EPSS
0.4%
top 42.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elastic Kibana
Timeline
PublishedMar 30
Latest updateMay 13

Description

Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDelastic/kibana< 6.1.3
CVEListV5elastic/kibanaafter 6.1.0 and before 6.1.3

🔴Vulnerability Details

3
GHSA
GHSA-p3h2-pqwh-g6hj: Kibana versions after 62022-05-13
OSV
linux-hwe, linux-azure, linux-gcp vulnerabilities2018-11-14
CVEList
CVE-2018-3820: Kibana versions after 62018-03-30

📋Vendor Advisories

1
Red Hat
kibana: cross-site scripting (XSS) in labs visualizations2018-01-30

💬Community

1
Bugzilla
CVE-2018-3820 kibana: cross-site scripting (XSS) in labs visualizations2018-03-06
CVE-2018-3820 — Cross-site Scripting in Elastic Kibana | cvebase