Bug 2051419 (CVE-2022-23707)
Summary: | CVE-2022-23707 Kibana: Cross-site scripting issue (ESA-2022-01) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Avinash Hanwate <ahanwate> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | aileenc, bmontgom, chazlett, dbecker, eparis, ewolinet, gmalinko, janstey, jburrell, jcantril, jjoyce, jochrist, jokerman, jschluet, jwon, lhh, lpeer, mburns, nstielau, rhos-maint, sclewis, slinaber, sponnaga, tvignaud, vkumar |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | kibana 7.17.0 | Doc Type: | If docs needed, set a value |
Doc Text: |
A Cross-Site Scripting (XSS) vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permission to create index patterns can inject malicious javascript into the index pattern, which could execute against other users.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2051714, 2051715, 2052293, 2052294, 2052295, 2052296, 2052297 | ||
Bug Blocks: | 2051420 |
Description
Avinash Hanwate
2022-02-07 08:28:12 UTC
Created puppet-kibana3 tracking bugs for this issue: Affects: openstack-rdo [bug 2052293] |