CVE-2020-7015
Published 2020-06-03
CVE-2020-7015: Kibana versions before 6.8.9 and 7.7.0 contain a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization…
Priority: P4 · 25 · medium · 5.4 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.78% (51.3th percentile)
Kibana versions before 6.8.9 and 7.7.0 contain a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could obtain sensitive information from, or perform destructive actions on behalf of, Kibana users who edit the TSVB visualization.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | kibana | < 6.8.10 | 6.8.10 |
| elastic | kibana | — | — |
| elastic | kibana | >= 7.0.0 < 7.7.1 | 7.7.1 |
CVSS provenance
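| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| vendor_redhat | | 5.4 | MEDIUM | |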
Red Hat
kibana: XSS in TSVB visualization (ESA-2020-08)
vendor_redhat·2020-06-03·CVSS 5.4
CVE-2020-7015 [MEDIUM] CWE-79 kibana: XSS in TSVB visualization (ESA-2020-08)
Kibana versions before 6.8.9 and 7.7.0 contain a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users who edit the TSVB visualization.
Mitigation: To mitigate this vulnerability you can set "metrics.enabled: false" in kibana.yml
Package: kibana (Red Hat OpenShift Container Platform 3.11) - Will not fix
Package: kibana (Red Hat OpenShift Container Platform 4) - Will not fix
GHSA
GHSA-xcx2-2cj3-98r7: Kibana versions before 6
ghsa_unreviewed·2022-05-24
CVE-2020-7015 [LOW] GHSA-xcx2-2cj3-98r7: Kibana versions before 6
Kibana versions before 6.8.9 and 7.7.0 contain a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users who edit the TSVB visualization.
No detection rules found.
No public exploits indexed.
Published: 2020-06-03