Hi,
We have run a Qualys WAS security test on Kibana [version 6.6.1] and we are getting "Use of JavaScript Library with Known Vulnerability".
Description of vulnerability:
Vulnerable javascript library: jQuery
version: 3.3.1
Details:
CVE-2019-11358: jQuery versions below 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. An unsanitized source object containing an enumerable __proto__ property could extend the native Object.prototype. Please refer to the following resources for more details: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/, https://nvd.nist.gov/vuln/detail/CVE-2019-11358, https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b.
Found on the following pages (only first 10 pages are reported):
https://xx.xx.xx.xxx:5601/login?nextUrl=%2F#?_g=()
https://xx.xx.xx.xxx:5601/login?nextUrl=%2F%7B%7Bui.brandimage%7D%7D
https://xx.xx.xx.xxx:5601/app/kibana#/discover?_g=()
https://xx.xx.xx.xxx:5601/app/kibana#/visualize?_g=()
https://xx.xx.xx.xxx:5601/app/kibana#/dashboards?_g=()
https://xx.xx.xx.xxx:5601/app/timelion
https://xx.xx.xx.xxx:5601/app/kibana#/dev_tools?_g=()
https://xx.xx.xx.xxx:5601/app/kibana#/management?_g=()
https://xx.xx.xx.xxx:5601/login?nextUrl=%2F
https://xx.xx.xx.xxx:5601/login?nextUrl=%2Fapp%2Fkibana
Can you please help us to resolve this issue?
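
The behaviour described in the CVE text above, as an added example (not part of the original post, and not jQuery's or Kibana's code): a simplified recursive merge run with and without a guard on the `__proto__` key, the kind of check jQuery 3.4.0 added to `jQuery.extend`. The names `deepExtend` and `pollutesPrototype` and the sample JSON are constructed for illustration.

```javascript
// Added illustration; simplified stand-in for jQuery.extend(true, target, src).
// skipProto=false mirrors the pre-3.4.0 behaviour, skipProto=true the guarded one.
function deepExtend(target, src, skipProto) {
  for (const name in src) {
    const copy = src[name];
    // Guard: never copy a "__proto__" key, and avoid merging an object into itself.
    if (skipProto && (name === "__proto__" || target === copy)) continue;
    if (copy && typeof copy === "object" && !Array.isArray(copy)) {
      // Without the guard, target["__proto__"] resolves to Object.prototype,
      // so the recursive call writes the source's keys onto every object.
      const existing = target[name];
      const clone = existing && typeof existing === "object" ? existing : {};
      target[name] = deepExtend(clone, copy, skipProto);
    } else if (copy !== undefined) {
      target[name] = copy;
    }
  }
  return target;
}

// Merges a constructed untrusted document and reports whether a fresh,
// unrelated object picked up the property. Cleans up Object.prototype after.
function pollutesPrototype(skipProto) {
  // JSON.parse creates "__proto__" as an own enumerable property,
  // which is how such a key arrives in parsed request data.
  const untrusted = JSON.parse('{"__proto__": {"polluted": "yes"}, "theme": "dark"}');
  const merged = deepExtend({}, untrusted, skipProto);
  const leaked = {}.polluted === "yes";
  delete Object.prototype.polluted; // restore global state for the caller
  return { leaked, theme: merged.theme };
}

console.log("unguarded merge:", pollutesPrototype(false));
console.log("guarded merge:  ", pollutesPrototype(true));
```

The legitimate `theme` value is merged in both modes; only the unguarded merge changes objects that were never passed to it.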