github - ghsa-jv8f-xj77-j348

ghsa-jv8f-xj77-j348

Vulnerability from github

Published

2022-05-13 01:23

Modified

2022-05-13 01:23

Severity

6.1 (Medium) - CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-8440"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-05T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.",
  "id": "GHSA-jv8f-xj77-j348",
  "modified": "2022-05-13T01:23:30Z",
  "published": "2022-05-13T01:23:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8440"
    },
    {
      "type": "WEB",
      "url": "https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952"
    },
    {
      "type": "WEB",
      "url": "https://www.elastic.co/blog/kibana-5-4-1-and-5-3-3-released"
    },
    {
      "type": "WEB",
      "url": "https://www.elastic.co/community/security"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2017-8440

Vulnerability from cvelistv5

Published

2017-06-05 14:00

Modified

2024-08-05 16:34

Severity

Summary

Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

References

URL	Tags
https://www.elastic.co/blog/kibana-5-4-1-and-5-3-3-released	x_refsource_CONFIRM
https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952	x_refsource_CONFIRM
https://www.elastic.co/community/security	x_refsource_CONFIRM

Impacted products

Vendor	Product
Elastic	Kibana

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:34:22.872Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.elastic.co/blog/kibana-5-4-1-and-5-3-3-released"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.elastic.co/community/security"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kibana",
          "vendor": "Elastic",
          "versions": [
            {
              "status": "affected",
              "version": "5.3.0 to 5.3.3"
            },
            {
              "status": "affected",
              "version": "5.4.1"
            }
          ]
        }
      ],
      "datePublic": "2017-06-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-05T13:57:01",
        "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "shortName": "elastic"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.elastic.co/blog/kibana-5-4-1-and-5-3-3-released"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.elastic.co/community/security"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@elastic.co",
          "ID": "CVE-2017-8440",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Kibana",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.3.0 to 5.3.3"
                          },
                          {
                            "version_value": "5.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Elastic"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.elastic.co/blog/kibana-5-4-1-and-5-3-3-released",
              "refsource": "CONFIRM",
              "url": "https://www.elastic.co/blog/kibana-5-4-1-and-5-3-3-released"
            },
            {
              "name": "https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952",
              "refsource": "CONFIRM",
              "url": "https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952"
            },
            {
              "name": "https://www.elastic.co/community/security",
              "refsource": "CONFIRM",
              "url": "https://www.elastic.co/community/security"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
    "assignerShortName": "elastic",
    "cveId": "CVE-2017-8440",
    "datePublished": "2017-06-05T14:00:00",
    "dateReserved": "2017-05-02T00:00:00",
    "dateUpdated": "2024-08-05T16:34:22.872Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.