Need info regarding Kibana cross site scripting (XSS) issue (ESA-2018-14)


#1

Hi,

currently I'm evaluating 6.x version for getting the fix regarding this:

Given that we cannot move our kibana to 6.4.1, I'd like to bring the patch for this on our code.
(Or at least determine exactly in which conditions would this happen).

Could we have the GitHub link to the patch for this?
Also, if we only have one user allowed for kibana, can this security issue happens?

I'd appreciate any info you can provide on this to allow me to secure the environment without need to pick up all the other changes.


(Jen Huang) #2

Is it possible to upgrade to 5.6.12? That will also fix the vulnerability.

Here is the PR with code changes:


#3

Thanks jen-huang for providing the link to the patch of this issue.
We are in the kibana 6 version line up but we cannot move to the 6.4.1.
I'll patch the fix into our code to fix this. Thanks a lot!


(system) closed #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.