Elasticsearch Kibana vulnerabilities

CVE-2020-7017 [MEDIUM] CWE-79 CVE-2020-7017: In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS fla In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization.

CVE-2020-7016 [MEDIUM] CWE-185 CVE-2020-7016: Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attac Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.

CVE-2017-11479 [MEDIUM] CWE-79 CVE-2017-11479: Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.