Security team has raised a flag that Kibana is prone to CSRF attack. We have deployed the latest version of ECK components. Please can you guide me if there are any settings which can help to fix this.
ECK 1.1.2
Elastic 7.8.0
Kibana 7.8.0
I was under the impression that this vulnerability was fixed in Kibana 5.x+ versions.
Any more details from your security team on the vulnerability they've detected? If they saw it manually, what pages and elements were they looking at? Or if an automatic tool flagged Kibana as vulnerable, can you provide the output of the tool?
I was under the impression that this vulnerability was fixed in Kibana 5.x+ versions.
That's still correct, the last known CSRF vulnerability isn't present in Kibana 5 or above. List of public vulnerabilities: Elasticsearch Kibana: Security vulnerabilities, CVEs. So if there is no mistake and your team has detected a new one, please have them send details to that page ^ ASAP, your report would be much appreciated.