First Last Prev Next    This bug is not in your last search results.
Bug 1195677 - (CVE-2022-23707) VUL-0: CVE-2022-23707: kibana: Cross-site scripting issue (ESA-2022-01)
(CVE-2022-23707)
VUL-0: CVE-2022-23707: kibana: Cross-site scripting issue (ESA-2022-01)
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Major
: ---
Assigned To: Cloud Bugs
Security Team bot
https://smash.suse.de/issue/322901/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-02-08 11:31 UTC by Carlos López
Modified: 2022-02-08 11:33 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos López 2022-02-08 11:31:17 UTC 
rh#2051419

Kibana Cross-site scripting issue (ESA-2022-01)

   An XSS vulnerability was found in Kibana index patterns. Using this
   vulnerability, an authenticated user could bypass Kibana’s CSP to inject
   malicious javascript which could fire against a higher-level user.

   Affected Versions:

   Versions 7.5.1 through 7.16.3

   Solutions and Mitigations:

   Customers on affected versions should upgrade to the latest version of
   Kibana.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2051419
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23707
Comment 1 Carlos López 2022-02-08 11:33:28 UTC 
Not a lot of details for this bug, but going off of version numbers it does not look like we are affected, since we ship v4.6.6. Closing.
First Last Prev Next    This bug is not in your last search results.