CVE-2022-23711Sensitive Information Exposure in Kibana

CWE-200Sensitive Information ExposureCWE-497Exposure of Sensitive System Information to an Unauthorized Control Sphere4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 55.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elastic Kibana
Timeline
PublishedApr 21
Latest updateApr 22

Description

A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Elastic Stack monitoring features provide a way to keep a pulse on the health and performance of your Elasticsearch cluster. Authentication with a vulnerable Kibana instance is not required to view the exposed information. The Elastic Stack monitoring exposure only impacts users that have set any of the optional monitoring.ui.elasticsearch.* settings in order to configure K

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDelastic/kibana7.2.17.17.3+1
CVEListV5elastic/kibanaVersions 7.2.1 through 7.17.2 & 8.0.0 through 8.1.2

🔴Vulnerability Details

2
GHSA
GHSA-83v8-h997-4xf4: A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source2022-04-22
CVEList
CVE-2022-23711: A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source2022-04-21

📋Vendor Advisories

1
Red Hat
kibana: Exposure of Sensitive Information (ESA-2022-05)2022-04-20
CVE-2022-23711 — Sensitive Information Exposure | cvebase