CVE-2022-23707Cross-site Scripting in Kibana

CWE-79Cross-site Scripting4 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
0.3%
top 50.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elastic Kibana
Timeline
PublishedFeb 11
Latest updateFeb 12

Description

An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDelastic/kibana7.5.17.17.0
CVEListV5elastic/kibana7.5.1 through 7.16.3

Patches

Patch: discuss.elastic.coPatch: discuss.elastic.co

🔴Vulnerability Details

2
GHSA
GHSA-xj4h-2rjf-hh84: An XSS vulnerability was found in Kibana index patterns2022-02-12
CVEList
CVE-2022-23707: An XSS vulnerability was found in Kibana index patterns2022-02-11

📋Vendor Advisories

1
Red Hat
Kibana: Cross-site scripting issue (ESA-2022-01)2022-02-03
CVE-2022-23707 — Cross-site Scripting in Elastic Kibana | cvebase