CVE-2021-22141

Severity Score

6.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary website.

Se encontró una falla de redireccionamiento abierto en las versiones de Kibana anteriores a la versiones 7.13.0 y 6.8.16. Si un usuario que ha iniciado sesión visita una URL creada con fines malintencionados, Kibana podría redirigir al usuario a un sitio web arbitrario.

*Credits: N/A

CVSS Scores

NISTv3.1 6.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-01-04 CVE Reserved
2022-11-18 CVE Published
2024-06-10 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964	2022-11-22
https://www.elastic.co/community/security	2022-11-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Elastic Search vendor "Elastic"		Kibana Search vendor "Elastic" for product "Kibana"				< 6.8.16 Search vendor "Elastic" for product "Kibana" and version " < 6.8.16"		-		Affected
Elastic Search vendor "Elastic"		Kibana Search vendor "Elastic" for product "Kibana"				>= 7.0.0 < 7.13.0 Search vendor "Elastic" for product "Kibana" and version " >= 7.0.0 < 7.13.0"		-		Affected