PT-2019-5288 · Elastic · Kibana

Publicado

2019-03-25

Atualizado

2019-09-27

CVE-2019-7608

CVSS v2.0

6.4

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Kibana versions prior to 5.6.15 Kibana versions prior to 6.6.1

Description The issue is related to a lack of protection against cross-site scripting (XSS) attacks, which could allow a remote attacker to perform destructive actions or obtain sensitive information on behalf of other Kibana users.

Recommendations For Kibana versions prior to 5.6.15, update to version 5.6.15 or later. For Kibana versions prior to 6.6.1, update to version 6.6.1 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

BDU:2020-02208

CVE-2019-7608

RHSA-2019:2860

Produtos afetados

Kibana

PT-2019-5288 · Elastic · Kibana

CVE-2019-7608

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10