Kibana open redirect issue (ESA-2023-03)
An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
Affected Versions:
Kibana Versions 7.0.0 through 7.17.8 and 8.0.0 through 8.6.1
Solutions and Mitigations:
The issue is resolved in versions 7.17.9 and 8.6.2
CVSSv3: 6.1(Medium) - AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE ID: CVE-2022-38779