Kibana XSS (ESA-2019-17)
Thanks to Eran Vaknin and Rotem Reiss, Security Researchers, for reporting this issue.
Kibana versions before 7.5.1 and 6.8.6
Solutions and Mitigations:
Users should upgrade to Elasticsearch version 7.5.1 or 6.8.6. Users who are unable to upgrade can set ‘xpack.maps.enabled: false’, ‘region_map.enabled: false’, and ‘tile_map.enabled: false’ in kibana.yml to disable map visualizations.
CVSSv3: 7.3 - AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
CVE ID: CVE-2019-7621
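
The check below is an added example, not part of the original advisory or Elastic's code: it takes a Kibana version string and the text of kibana.yml and reports whether the instance is on a fixed release or has all three mitigation settings applied. The function names and the sample config are hypothetical. It assumes the flat dotted-key form of the settings shown above (nested YAML is not parsed), and it reads "before 7.5.1 and 6.8.6" as 7.x below 7.5.1 plus everything below 6.8.6.

```python
import re

# Settings the advisory lists for disabling map visualizations.
MITIGATION_KEYS = ("xpack.maps.enabled", "region_map.enabled", "tile_map.enabled")
# First fixed release on each branch, taken from the advisory.
FIXED = {6: (6, 8, 6), 7: (7, 5, 1)}


def is_affected(version):
    """True if the Kibana version is older than the fixed releases."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    v = tuple(int(x) for x in m.groups())
    if v[0] > 7:
        return False  # assumption: later majors ship after the fix
    return v < FIXED[7] if v[0] == 7 else v < FIXED[6]


def missing_mitigations(kibana_yml):
    """Return the mitigation keys that are not set to false.

    Only flat dotted keys are recognised (assumption); a nested YAML
    mapping is reported as missing and needs a manual look.
    """
    values = {}
    for line in kibana_yml.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        key, sep, value = line.partition(":")
        if sep:
            values[key.strip()] = value.strip().strip("'\"").lower()
    return [k for k in MITIGATION_KEYS if values.get(k) != "false"]


def assess(version, kibana_yml):
    if not is_affected(version):
        return "not affected"
    missing = missing_mitigations(kibana_yml)
    return "mitigated" if not missing else "exposed: set false -> " + ", ".join(missing)


# Constructed sample config: one of the three settings is commented out.
SAMPLE = """\
server.port: 5601
xpack.maps.enabled: false
region_map.enabled: false
# tile_map.enabled: false
"""

if __name__ == "__main__":
    print(assess("7.4.2", SAMPLE))
```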