Kibana Cross-site scripting issue (ESA-2022-01) An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user could bypass Kibana’s CSP to inject malicious javascript which could fire against a higher-level user. Affected Versions: Versions 7.5.1 through 7.16.3 Solutions and Mitigations: Customers on affected versions should upgrade to the latest version of Kibana.
Created puppet-kibana3 tracking bugs for this issue: Affects: openstack-rdo [bug 2052293]