Kibana 7.17.9 and 8.6.2 Security Update

Kibana open redirect issue (ESA-2023-03)

An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.

Affected Versions:

Kibana Versions 7.0.0 through 7.17.8 and 8.0.0 through 8.6.1

Solutions and Mitigations:

The issue is resolved in versions 7.17.9 and 8.6.2

CVSSv3: 6.1(Medium) - AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVE ID: CVE-2022-38779