Bug 2066386 (CVE-2022-23709)
| Summary: | CVE-2022-23709 kibana: missing authorization issue (ESA-2022-03) | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Patrick Del Bello <pdelbell> |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | aileenc, aos-bugs, bmontgom, chazlett, eglynn, eparis, ewolinet, gmalinko, janstey, jburrell, jcantril, jjoyce, jochrist, jokerman, jschluet, jwon, lhh, mburns, nstielau, rhos-maint, slinaber, sponnaga, spower, tvignaud, vkumar |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in Kibana. This issue allows users with read access to the Uptime feature to modify alerting rules, allowing them to create new or overwrite existing ones. However, any rules created this way are not enabled by default and allow the user to disable an existing, enabled alert rule.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2072286, 2072287, 2072288, 2072289, 2072290, 2072291, 2072296 | ||
| Bug Blocks: | 2066389 | ||
|
Description
Patrick Del Bello
2022-03-21 16:11:41 UTC
Created puppet-kibana3 tracking bugs for this issue: Affects: openstack-rdo [bug 2072296] |