[kibana] [Security] cross-site scripting (CVE-2020-26296)

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

Attached to Project: Community Packages
Opened by Jonas Witschel (diabonas) - Wednesday, 17 March 2021, 11:36 GMT

Summary
=======

The package kibana is vulnerable to cross-site scripting via CVE-2020-26296.

Guidance
========

Upgrading Kibana to version 7.10.2 or higher (the latest version is 7.11.2 at the moment) fixes the issue.

References
==========

This task depends upon

Comment by Jonas Witschel (diabonas) - Tuesday, 23 March 2021, 18:50 GMT

Another security issue (CVE-2021-22136) has been discovered: https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125 Please upgrade Kibana to the fixed version 7.12.0.

Comment by Jonas Witschel (diabonas) - Tuesday, 27 April 2021, 19:35 GMT

Another denial of service security issue (CVE-2021-22139), fixed in Kibana version 7.12.1: https://discuss.elastic.co/t/7-12-1-security-update/271433

Comment by Jonas Witschel (diabonas) - Tuesday, 25 May 2021, 16:33 GMT

Two more security issues (CVE-2021-22141, CVE-2021-22142), fixed in Kibana version 7.13.0: https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964

	Tasks related to this task (0)

Duplicate tasks of this task (0)