PT-2017-18331 · Elastic · Kibana

Published

2017-06-05

Updated

2020-08-14

CVE-2017-8439

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Kibana version 5.4.0

Description A Cross Site Scripting (XSS) bug was found in the Time Series Visual Builder, which could allow an attacker to obtain sensitive information from Kibana users.

Recommendations For Kibana version 5.4.0, update to a version that fixes the XSS bug in the Time Series Visual Builder to prevent potential information disclosure.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-8439

Affected Products

Kibana

PT-2017-18331 · Elastic · Kibana

CVE-2017-8439

Weakness Enumeration

Related Identifiers

Affected Products

References · 6