Use of JavaScript Library with Known Vulnerability

Varun_S · June 18, 2019, 9:21am

Hi,

We have done Qualys Was Security Test on Kibana [version 6.6.1 ]and we are getting use of JavaScript Library with Known Vulnerability .

Description of Vulnerability :-

Can you please help us to resolve this issue.

christophilus · July 2, 2019, 6:35pm

The latest version of Kibana is currently on jQuery 3.4.1. I'm not sure what our patching policy is, but I will ask the security team.

christophilus · July 2, 2019, 6:36pm

My advice would be to upgrade to Kibana 7.x or at least to the latest 6.x.

Brandon_Kobel · July 3, 2019, 9:13pm

Hey @Varun_S, for security reports like these in the future please send an e-mail to security@elastic.co per https://www.elastic.co/community/security.

Our usages of jQuery in Kibana weren't vulnerable to this CVE, but we've upgraded jQuery to 3.4.1 starting in Kibana 7.2.0 to prevent vulnerability scanners from reporting this issue.

Varun_S · July 4, 2019, 6:32am

Thanks @christophilus

Varun_S · July 4, 2019, 6:33am

Thanks @Brandon_Kobel...

I will upgrade kibana and will run the Scan.

Christian_Dahlqvist · July 4, 2019, 9:09am

You will need to upgrade the entire stack.

system · August 1, 2019, 9:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana 4.x XSS -- CVE pending Security Announcements	1	5669	July 6, 2017
Kibana Cross-Site Scripting Vulnerability CVE-2015-4093 Security Announcements	1	6382	July 6, 2017
Elastic Stack 7.14.1 Security Update Security Announcements	1	14134	November 4, 2022
Uncaught TypeError: Cannot read property 'scripted' of undefined Kibana	5	1313	May 21, 2019
Kibana Content-Security-Policy unsafe-eval Kibana	3	634	January 17, 2019

Use of JavaScript Library with Known Vulnerability

Related topics