CVE-2021-22142
Kibana Reporting vulnerabilities
Public Exploits: 0
Exploited in Wild: -
Descriptions
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-04 CVE Reserved
- 2023-11-22 CVE Published
- 2024-08-03 CVE Updated
- 2024-10-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-1104: Use of Unmaintained Third Party Components
CAPEC
References (2)
URL | Date | SRC |
---|---|---|
https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964/1 | 2023-12-01 | |
https://www.elastic.co/community/security | 2023-12-01 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Elastic | Kibana | >= 7.0.0 < 7.13.0 | - | Affected |