1965465 – (CVE-2021-22141) CVE-2021-22141 kibana: URL redirection flaw

Bug 1965465 (CVE-2021-22141) - CVE-2021-22141 kibana: URL redirection flaw

Summary: CVE-2021-22141 kibana: URL redirection flaw

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2021-22141
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1969553 1871829 1966710
Blocks:	1965467
TreeView+	depends on / blocked

Reported:	2021-05-27 18:28 UTC by Pedro Sampaio
Modified:	2021-10-28 08:55 UTC (History)
CC List:	8 users (show)
Fixed In Version:	kibana 7.13.0, kibana 6.8.16
Doc Type:	If docs needed, set a value
Doc Text:	An open redirect flaw was found in Kibana. An attacker is able to redirect a logged Kibana user to an arbitrary website by specially crafted URL.
Clone Of:
Environment:
Last Closed:	2021-10-28 08:55:32 UTC
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2021-05-27 18:28:46 UTC

An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary website.

References:

https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964

Note You need to log in before you can comment on or make changes to this bug.