github - ghsa-xj4h-2rjf-hh84

ghsa-xj4h-2rjf-hh84

Vulnerability from github

Published

2022-02-12 00:00

Modified

2022-02-23 00:01

Details

An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-23707"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-11T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users",
  "id": "GHSA-xj4h-2rjf-hh84",
  "modified": "2022-02-23T00:01:28Z",
  "published": "2022-02-12T00:00:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23707"
    },
    {
      "type": "WEB",
      "url": "https://discuss.elastic.co/t/kibana-7-17-0-security-update/296215"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2022-23707

Vulnerability from cvelistv5

Published

2022-02-11 17:40

Modified

2024-08-03 03:51

Severity

Summary

An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users

References

URL	Tags
https://discuss.elastic.co/t/kibana-7-17-0-security-update/296215	x_refsource_MISC

Impacted products

Vendor	Product
Elastic	Kibana

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:51:45.679Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://discuss.elastic.co/t/kibana-7-17-0-security-update/296215"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kibana",
          "vendor": "Elastic",
          "versions": [
            {
              "status": "affected",
              "version": "7.5.1 through 7.16.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-11T17:40:27",
        "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "shortName": "elastic"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://discuss.elastic.co/t/kibana-7-17-0-security-update/296215"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@elastic.co",
          "ID": "CVE-2022-23707",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Kibana",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.5.1 through 7.16.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Elastic"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://discuss.elastic.co/t/kibana-7-17-0-security-update/296215",
              "refsource": "MISC",
              "url": "https://discuss.elastic.co/t/kibana-7-17-0-security-update/296215"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
    "assignerShortName": "elastic",
    "cveId": "CVE-2022-23707",
    "datePublished": "2022-02-11T17:40:27",
    "dateReserved": "2022-01-19T00:00:00",
    "dateUpdated": "2024-08-03T03:51:45.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.