CVE-2021-22142
published 2023-11-22
CVE-2021-22142: Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to…
Priority P3 · 49 · high · 8.8 CVSS 3.1
AV:N · AC:L · PR:L · UI:N · S:U · C:H · I:H · A:H
EPSS: 1.01% (58.7th percentile)
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | kibana | >= 7.0.0 < 7.13.0 | 7.13.0 |
CVSS provenance
nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_redhat · 6.6 MEDIUM
GHSA
GHSA-69j9-xj6j-fmpq: Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports
ghsa_unreviewed·2023-11-22
CVE-2021-22142 [MEDIUM] CWE-1104 GHSA-69j9-xj6j-fmpq: Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports
Red Hat
kibana: Use of Unmaintained Third Party Components
vendor_redhat·2021-05-25·CVSS 6.6
CVE-2021-22142 [MEDIUM] CWE-1021 kibana: Use of Unmaintained Third Party Components
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses. An attacker potentially is able to leverage known Chromium vulnerabilities to conduct further attacks.
Statement: The kibana reporting feature is part of the X-Pack features [1].
In OpenShift Container Platform (OCP) the kibana components
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-11-22