CVE-2021-22139

{"id": "CVE-2021-22139", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-05-13T18:15:09.120", "references": [{"url": "https://discuss.elastic.co/t/7-12-1-security-update/271433", "tags": ["Vendor Advisory"], "source": "bressers@elastic.co"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Secondary", "source": "bressers@elastic.co", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size. An attacker with permissions to create webhook actions could drain the Kibana host connection pool, making Kibana unavailable for all other users."}, {"lang": "es", "value": "Kibana versiones anteriores a 7.12.1, contienen una vulnerabilidad de denegaci\u00f3n de servicio que se encontr\u00f3 en las acciones de webhook debido a una falta de tiempo de espera o un l\u00edmite en el tama\u00f1o de la petici\u00f3n. Un atacante con permisos para crear acciones de webhook podr\u00eda agotar el grupo de conexiones de host de Kibana, haciendo que Kibana no est\u00e9 disponible para todos los dem\u00e1s usuarios"}], "lastModified": "2021-05-21T16:37:08.603", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DE3C6D2-7490-436D-BB2D-3249AB8A1304", "versionEndExcluding": "7.12.1"}], "operator": "OR"}]}], "sourceIdentifier": "bressers@elastic.co"}