CVE-2022-38778

A flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:decode-uri-component_project:decode-uri-component:*:*:*:*:*:node.js:*:*
cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*

History

16 Feb 2023, 19:42

Type Values Removed Values Added
References (MISC) https://discuss.elastic.co/t/elastic-7-17-9-8-5-0-and-8-6-1-security-update/324661 - (MISC) https://discuss.elastic.co/t/elastic-7-17-9-8-5-0-and-8-6-1-security-update/324661 - Vendor Advisory
References (MISC) https://www.elastic.co/community/security - (MISC) https://www.elastic.co/community/security - Vendor Advisory
CWE CWE-20
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
First Time Elastic kibana
Elastic
Decode-uri-component Project decode-uri-component
Decode-uri-component Project
CPE cpe:2.3:a:decode-uri-component_project:decode-uri-component:*:*:*:*:*:node.js:*:*
cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*

08 Feb 2023, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-02-08 21:15

Updated : 2023-12-10 14:48


NVD link : CVE-2022-38778

Mitre link : CVE-2022-38778

CVE.ORG link : CVE-2022-38778


JSON object : View

Products Affected

decode-uri-component_project

  • decode-uri-component

elastic

  • kibana
CWE
CWE-20

Improper Input Validation