Vulnerability-Lookup - Search a vulnerability

CVE-2020-7016 (GCVE-0-2020-7016)

Vulnerability from cvelistv5

Published

2020-07-27 18:00

Modified

2024-08-04 09:18

Severity ?

CWE

CWE-185 - Incorrect Regular Expression

Summary

Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.

References

►

URL

	Vendor	Product	Version
	Elastic	Kibana	Version: before 6.8.11 and 7.8.1

CVE-2020-7017 (GCVE-0-2020-7017)

Vulnerability from cvelistv5

Published

2020-07-27 18:00

Modified

2024-08-04 09:18

Severity ?

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization.

References

►

URL

	Vendor	Product	Version
	Elastic	Kibana	Version: before 6.8.11 and 7.8.1

CVE-2017-11479 (GCVE-0-2017-11479)

Vulnerability from cvelistv5

Published

2017-09-28 19:00

Modified

2024-08-05 18:12

Severity ?

CWE

n/a

Summary

Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

References

►

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Vulnerability from fkie_nvd

Published

2020-07-27 18:15

Modified

2024-11-21 05:36

Severity ?

6.7 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

Summary

In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization.

References

URL	Tags
bressers@elastic.co	https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786	Release Notes, Vendor Advisory
bressers@elastic.co	https://www.elastic.co/community/security/	Vendor Advisory
bressers@elastic.co	https://www.oracle.com//security-alerts/cpujul2021.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.elastic.co/community/security/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com//security-alerts/cpujul2021.html	Third Party Advisory

Impacted products

Vendor	Product	Version
elasticsearch	kibana	*
elasticsearch	kibana	*
oracle	communications_billing_and_revenue_management	12.0.0.3.0
oracle	communications_cloud_native_core_network_function_cloud_native_environment	1.7.0
oracle	peoplesoft_enterprise_peopletools	8.58

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:elasticsearch:kibana:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "598008DD-95C5-442F-91C0-4A05C742FBF8",
              "versionEndExcluding": "6.8.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elasticsearch:kibana:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D880C23A-1226-42E5-8A51-D810E2FC46FB",
              "versionEndExcluding": "7.8.1",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CB33EB2-6D6A-424B-91AF-3F0EF7FCE470",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization."
    },
    {
      "lang": "es",
      "value": "En Kibana versiones anteriores a 6.8.11 y 7.8.1, la visualizaci\u00f3n del mapa de regi\u00f3n contiene un fallo de tipo XSS almacenado. Un atacante que es capaz de editar o crear una visualizaci\u00f3n de mapa de regi\u00f3n podr\u00eda obtener informaci\u00f3n confidencial o llevar a cabo acciones destructivas en nombre de los usuarios de Kibana que ven la visualizaci\u00f3n del mapa de regi\u00f3n"
    }
  ],
  "id": "CVE-2020-7017",
  "lastModified": "2024-11-21T05:36:30.080",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-27T18:15:14.233",
  "references": [
    {
      "source": "bressers@elastic.co",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
    },
    {
      "source": "bressers@elastic.co",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.elastic.co/community/security/"
    },
    {
      "source": "bressers@elastic.co",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.elastic.co/community/security/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    }
  ],
  "sourceIdentifier": "bressers@elastic.co",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "bressers@elastic.co",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-09-29 01:34

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

References

URL	Tags
bressers@elastic.co	http://www.openwall.com/lists/oss-security/2019/10/24/1
bressers@elastic.co	http://www.openwall.com/lists/oss-security/2019/10/29/3
bressers@elastic.co	https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/10/24/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/10/29/3
af854a3a-2127-422b-91ae-364da2661108	https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884	Issue Tracking, Vendor Advisory

Impacted products

Vendor	Product	Version
elastic	kibana	5.0.0
elastic	kibana	5.0.1
elastic	kibana	5.0.2
elastic	kibana	5.1.1
elastic	kibana	5.1.2
elastic	kibana	5.2.0
elastic	kibana	5.2.1
elastic	kibana	5.2.2
elastic	kibana	5.3.0
elastic	kibana	5.3.1
elastic	kibana	5.3.2
elastic	kibana	5.3.3
elastic	kibana	5.4.0
elastic	kibana	5.4.1
elastic	kibana	5.4.2
elastic	kibana	5.4.3
elastic	kibana	5.5.0
elastic	kibana	5.5.1
elastic	kibana	5.5.2
elastic	kibana	5.5.3
elastic	kibana	5.6.0
elasticsearch	kibana	5.1.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAAFDC79-44C7-4CD4-BAF7-E4263A94D55E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19498633-0929-4FA6-84AA-21D392CF9431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFD1A0D0-D2AD-48A1-B833-4D3914631D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "794A6F03-3152-4A05-911F-3EA58250E906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "69E8AB6F-EA19-4C92-8AAE-FE6EFA06AF4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FDE1AED-DB91-4DAA-9AD8-5859C7D58AA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B420684-A6B0-46E4-8214-F8BB1D3E1E8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEBBEEC5-0843-41F1-BD55-0C8C8CA781FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D88ABA67-0305-46E3-AAED-E3FC9F963F69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "93558649-84F5-448A-B191-1A0052150929",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02CD0D6D-2AC7-46E2-ABBE-B780F47DD4B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "059C285F-499A-481D-876E-9BEA2EC8628C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E741D583-C568-4A93-A344-A54267B292F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "653C9B4E-5A67-4566-B687-68454C72B1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "852CEAF2-B88A-44AB-8B83-9A568CDBCEBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDBCC33B-3171-4AD4-A57D-4C0C78536DD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F168795-5821-407A-B789-3673A51D2393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8116EC73-5279-48F3-A958-0C8FAB8755B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "22B3710A-8F7E-42C5-9832-47FF3EF89443",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6A2BA4B-B74F-40B9-9536-80BF19DE9B15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C22151C-45AD-44DB-B3E0-178BC93CC8DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elasticsearch:kibana:5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "73DFD4F0-9179-4B37-90B0-8CFF88CE3828",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users."
    },
    {
      "lang": "es",
      "value": "Las versiones anteriores a la 5.6.1 de Kibana presentan una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Timelion que podr\u00eda permitir a un atacante obtener informaci\u00f3n sensible o realizar acciones destructivas en nombre de otros usuarios de Kibana."
    }
  ],
  "id": "CVE-2017-11479",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-29T01:34:48.530",
  "references": [
    {
      "source": "bressers@elastic.co",
      "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
    },
    {
      "source": "bressers@elastic.co",
      "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
    },
    {
      "source": "bressers@elastic.co",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884"
    }
  ],
  "sourceIdentifier": "bressers@elastic.co",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-07-27 18:15

Modified

2024-11-21 05:36

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

Summary

Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.

References

URL	Tags
bressers@elastic.co	https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786	Release Notes, Vendor Advisory
bressers@elastic.co	https://www.elastic.co/community/security/	Vendor Advisory
bressers@elastic.co	https://www.oracle.com//security-alerts/cpujul2021.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.elastic.co/community/security/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com//security-alerts/cpujul2021.html	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
elasticsearch	kibana	*
elasticsearch	kibana	*
oracle	communications_billing_and_revenue_management	12.0.0.3.0
oracle	communications_cloud_native_core_network_function_cloud_native_environment	1.7.0
oracle	peoplesoft_enterprise_peopletools	8.58

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:elasticsearch:kibana:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "598008DD-95C5-442F-91C0-4A05C742FBF8",
              "versionEndExcluding": "6.8.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elasticsearch:kibana:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D880C23A-1226-42E5-8A51-D810E2FC46FB",
              "versionEndExcluding": "7.8.1",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CB33EB2-6D6A-424B-91AF-3F0EF7FCE470",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive."
    },
    {
      "lang": "es",
      "value": "En Kibana versiones anteriores a 6.8.11 y 7.8.1, contiene un fallo de denegaci\u00f3n de servicio (DoS) en Timelion. Un atacante puede construir una URL que, cuando es visualizada por un usuario de Kibana, puede conllevar al proceso de Kibana a consumir grandes cantidades de CPU y dejar de responder"
    }
  ],
  "id": "CVE-2020-7016",
  "lastModified": "2024-11-21T05:36:29.940",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-27T18:15:14.170",
  "references": [
    {
      "source": "bressers@elastic.co",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
    },
    {
      "source": "bressers@elastic.co",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.elastic.co/community/security/"
    },
    {
      "source": "bressers@elastic.co",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.elastic.co/community/security/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    }
  ],
  "sourceIdentifier": "bressers@elastic.co",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-185"
        }
      ],
      "source": "bressers@elastic.co",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerabilites related to elasticsearch - kibana

CVE-2020-7016 (GCVE-0-2020-7016)

Vulnerability from cvelistv5

CVE-2020-7017 (GCVE-0-2020-7017)

Vulnerability from cvelistv5

CVE-2017-11479 (GCVE-0-2017-11479)

Vulnerability from cvelistv5

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd