CVE-2018-3820
published 2018-03-30CVE-2018-3820: Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain…
PriorityP422medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.69%
47.9th percentile
Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | kibana | < 6.1.3 | 6.1.3 |
| elastic | kibana | — | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv7.8HIGH
vendor_redhat6.1MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
kibana: cross-site scripting (XSS) in labs visualizations
vendor_redhat·2018-01-30·CVSS 6.1
CVE-2018-3820 [MEDIUM] CWE-79 kibana: cross-site scripting (XSS) in labs visualizations
kibana: cross-site scripting (XSS) in labs visualizations
Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Statement: This issue affects the versions of kibana as shipped with Red Hat OpenShift Enterprise Linux. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: kibana (Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational Tools) - Not affected
Package: kibana (Red Hat Op
GHSA
GHSA-p3h2-pqwh-g6hj: Kibana versions after 6
ghsa_unreviewed·2022-05-13
CVE-2018-3820 [MEDIUM] CWE-79 GHSA-p3h2-pqwh-g6hj: Kibana versions after 6
Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
OSV
linux-hwe, linux-azure, linux-gcp vulnerabilities
osv·2018-11-14·CVSS 7.8
linux-hwe, linux-azure, linux-gcp vulnerabilities
linux-hwe, linux-azure, linux-gcp vulnerabilities
USN-3820-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu
16.04 LTS.
Felix Wilhelm discovered that the Xen netback driver in the Linux kernel
did not properly perform input validation in some situations. An attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2018-15471)
It was discovered that the generic SCSI driver in the Linux kernel did not
properly enforce permissions on kernel memory access. A local attacker
could use this to expose sensitive information or possibly elevate
privileges. (CVE-2017-13168)
It was discovered that an intege
No detection rules found.
No public exploits indexed.
2018-03-30
Published