Needed info on Kibana cross site scripting issue (ESA-2017-22)

(SK) #1


Hi I am currently using Kibana 5.6.4 and As mentioned in the security announcements , it seems this issue is not present in 5.6.5. I tried to search in github what was the fix made or under what bug was this issue tracked. I couldn't get that info. Could you please help me to find the git issue number/commit id associated with this issue. Similarly how do i find what under which git issue /commits a particular SV reported in is tracked/ fixed.

(SK) #2

@joshbressers Could you please assist in this

(Christian Dahlqvist) #3

@SKumarMN Please read this, especially the "Also be patient" part.

This forum is manned by volunteers, so please be patient and do not ping anyone not already involved in the thread.

(Tim Roes) #4


the PR, that fixes ESA-2017-22 is #14994.

How to find them: we usually try to add the "ESA" number to the PR, once it's disclosed, so that you should be able to search for them on GitHub. This one didn't had it so I just added it.


(SK) #5

Thanks @timroes . Also When i search for "ESA-2017" text in issues list i see just the three occurrences. Seems like many PR's are not associated with SV numbers..

(system) closed #6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.