Kibana versions 5.1.1 to before 6.1.2 and 5.6.6 have a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. References: https://www.elastic.co/guide/en/kibana/5.6/release-notes-5.6.6.html https://www.elastic.co/guide/en/kibana/6.1/release-notes-6.1.2.html https://github.com/elastic/kibana/pull/15837
The affected code does not exist within the version of Kibana in OpenStack.
Statement: This issue affects the versions of kibana as shipped with Red Hat OpenShift Enterprise Linux. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.