An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users
References
Link | Resource |
---|---|
https://discuss.elastic.co/t/kibana-7-17-0-security-update/296215 | Patch Vendor Advisory |
Configurations
History
22 Feb 2022, 13:36
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
First Time |
Elastic kibana
Elastic |
|
CPE | cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
References | (MISC) https://discuss.elastic.co/t/kibana-7-17-0-security-update/296215 - Patch, Vendor Advisory |
11 Feb 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-11 18:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-23707
Mitre link : CVE-2022-23707
CVE.ORG link : CVE-2022-23707
JSON object : View
Products Affected
elastic
- kibana
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')