Bug 2051419 (CVE-2022-23707) - CVE-2022-23707 Kibana: Cross-site scripting issue (ESA-2022-01)
Keywords:
Status: NEW
Alias: CVE-2022-23707
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2051714 2051715 2052293 2052294 2052295 2052296 2052297
Blocks: 2051420
Reported: 2022-02-07 08:28 UTC by Avinash Hanwate
Modified: 2023-07-07 08:28 UTC

Fixed In Version: kibana 7.17.0
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Avinash Hanwate 2022-02-07 08:28:12 UTC
Kibana Cross-site scripting issue (ESA-2022-01)

   An XSS vulnerability was found in Kibana index patterns. Using this
   vulnerability, an authenticated user could bypass Kibana’s CSP to inject
   malicious JavaScript which could fire against a higher-level user.

   Affected Versions:

   Versions 7.5.1 through 7.16.3

   Solutions and Mitigations:

   Customers on affected versions should upgrade to the latest version of
   Kibana.

Comment 2 Anten Skrabec 2022-02-08 23:43:04 UTC
Created puppet-kibana3 tracking bugs for this issue:

Affects: openstack-rdo [bug 2052293]

