AVG-1570 - kibana - Arch Linux
AVG-1570 log
| Package | kibana |
| Status | Vulnerable |
| Severity | High |
| Type | multiple issues |
| Affected | 7.10.1-1 |
| Fixed | Unknown |
| Current | 7.10.1-1 [community] |
| Ticket | FS#70038 |
| Created | Mon Feb 15 14:08:57 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-22139 | Medium | Yes | Denial of service | A denial of service vulnerability was found in the Kibana webhook actions due to a lack of timeout or a limit on the request size. An attacker with... |
| CVE-2021-22136 | Medium | Yes | Incorrect calculation | A flaw in Kibana versions before 7.12.0 and 6.8.15 was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was... |
| CVE-2020-26296 | High | Yes | Cross-site scripting | The Kibana “Vega” visualization type is susceptible to both stored and reflected cross-site scripting (XSS) via a vulnerable version of the Vega library.... |