Hi,
I'm evaluating Kibana XSS issue (ESA-2019-01) mentioned here:
This seems different from previous Kibana XSS scripting issue (ESA-2018-14), right?
I'd appreciate it if somebody could provide the GitHub PR for this fix.
Thanks!
The PR that fixed this is here: https://github.com/elastic/kibana/pull/28834
The user Shannon75 (https://discuss.elastic.co/u/shannon75) sent me an email via elastic@discoursemail about this topic with the following body of the email:
Kibana had a cross-site scripting vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users vidmate.
However, I don't see this content being posted here. Hence, I don't know if the email is spam or a real response. If it's the former, then be aware of it. If it's the latter, then, please, can you provide the link to the right PR (because the one provided seems to be for timelion only).