ghsa-823g-p8g4-q559
Vulnerability from github
Published
2022-05-24 19:02
Modified
2022-05-24 19:02
Details

Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size. An attacker with permissions to create webhook actions could drain the Kibana host connection pool, making Kibana unavailable for all other users.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2021-22139"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-13T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size. An attacker with permissions to create webhook actions could drain the Kibana host connection pool, making Kibana unavailable for all other users.",
  "id": "GHSA-823g-p8g4-q559",
  "modified": "2022-05-24T19:02:19Z",
  "published": "2022-05-24T19:02:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22139"
    },
    {
      "type": "WEB",
      "url": "https://discuss.elastic.co/t/7-12-1-security-update/271433"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.