CVE-2018-3821Cross-site Scripting in Kibana

CWE-79Cross-site Scripting6 documents6 sources
Severity
6.1MEDIUMNVD
EPSS
0.4%
top 40.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elastic Kibana
Timeline
PublishedMar 30
Latest updateMay 13

Description

Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDelastic/kibana6.0.06.1.3+1
CVEListV5elastic/kibanaafter 5.1.1 and before 5.6.7 and 6.1.3

🔴Vulnerability Details

3
GHSA
GHSA-v6m2-fcp3-vwc6: Kibana versions after 52022-05-13
OSV
linux-lts-xenial, linux-aws vulnerabilities2018-11-14
CVEList
CVE-2018-3821: Kibana versions after 52018-03-30

📋Vendor Advisories

1
Red Hat
kibana: cross-site scripting (XSS) in the tag cloud visualization2018-01-30

💬Community

1
Bugzilla
CVE-2018-3821 kibana: cross-site scripting (XSS) in the tag cloud visualization2018-03-06
CVE-2018-3821 — Cross-site Scripting in Elastic Kibana | cvebase