Headline

CVE-2021-22142: Elastic Stack 7.13.0 and 6.8.16 Security Update

Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content.

12 months ago

CVE

Open in Source

#vulnerability #chrome

Related news

CVE-2022-38775: Security issues

An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

1 year ago

CVE

Open in Source

#sql #xss #csrf #vulnerability #web #ios #mac #windows #debian #dos #apache #nodejs #js #git #java #kubernetes #rce #perl #ldap #ssrf #pdf #log4j #oauth #auth #ibm #ruby #postgres #jira #chrome #ssl

CVE-2022-23712: Security issues

A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request.

2 years ago

CVE

Open in Source