Kibana version 8.12.0 Vulnerabilities

baskarsp · May 1, 2024, 5:31pm

Hello Team,
Currently we are using elastic Kibana version 8.12.0, and our internal security tool identified there are three critical Vulnerabilities as provided below in the screenshot with Kibana version 8.12.0. Could you please let me know more details about how these reported CVE packages are used in Kibana and what would be the actual impact of these Vulnerabilities in Kibana while using it.

Also let us know if you have any other details for those vulnerabilities how it can be addressed.

https://nvd.nist.gov/vuln/detail/CVE-2023-42282
https://nvd.nist.gov/vuln/detail/CVE-2023-36665

Marco_Liberati · May 2, 2024, 2:19pm

Hi @baskarsp

you can email with the description of the issue to security@elastic.co .
For more info about our security policy, please refer to: Security issues | Elastic

baskarsp · May 3, 2024, 5:43am

Thank you Marco. I sent a email to security@elastic.co and few days ago and i am still waiting for feedback.

Topic		Replies	Views
Expected resolution for some vulnerabilities found Elasticsearch elastic-stack-security	1	42	November 9, 2024
ELK Security Kibana	6	84	August 26, 2024
Node.js vulnerabilities Kibana	3	277	May 10, 2024
Kibana 4.x XSS -- CVE pending Security Announcements	1	5666	July 6, 2017
A question about a potential vulnerability in Kibana Kibana	4	392	February 13, 2023

Kibana version 8.12.0 Vulnerabilities

Related topics