CVE-2021-22141 — Open Redirect in Kibana

CWE-601 — Open Redirect4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 52.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Elastic Kibana

Timeline

PublishedNov 18

Latest updateNov 19

Description

An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary website.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDelastic/kibana7.0.0 — 7.13.0+1

▶CVEListV5elastic/kibanaAll versions of Kibana before 7.13.0 and 6.8.16.

🔴Vulnerability Details

GHSA

GHSA-whx6-754g-3x5v: An open redirect flaw was found in Kibana versions before 7↗2022-11-19

▶

CVEList

CVE-2021-22141: An open redirect flaw was found in Kibana versions before 7↗2022-11-18

▶

📋Vendor Advisories

Red Hat

kibana: URL redirection flaw↗2021-05-25

▶