jisha
(jisha)
August 19, 2022, 3:15am
1
what are the Vulnerabilities of elk 7.17.3v ? what are the Solutions to fix those vulnerabilities?
warkolm
(Mark Walkom)
August 19, 2022, 4:33am
2
Upgrade is always the answer, as we do not backport any security fixes.
jisha
(jisha)
August 19, 2022, 4:35am
3
I need the Vulnerabilities details of elk 7.17.3v
jisha
(jisha)
August 19, 2022, 4:50am
4
How to check the Vulnerabilities of elk 7.17.3v?
I am not aware of an list, but you can see what has been fixed in subsequent versions through the security announcements and release notes:
Elastic Stack update for CVE-2022-21449 Java vulnerability in Elliptic Curve Digital Signature Algorithm (ECDSA) (ESA-2022-06)
A vulnerability (CVE-2022-21449) affecting the implementation of Elliptic Curve Digital Signing Algorithm (ECDSA) based signatures verification in Java JDK versions 15 and later was published on April 19, 2022. This vulnerability affects Oracle Java and OpenJDK, including other JDKs derived from OpenJDK.
Affected Products and Versions
Elasticsearch 6.8.x, 7.9.2 and l…
Kibana cross-site-scripting (XSS) issue (ESA-2022-08)
A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser.
Affected Versions:
Versions 7.0.0 through 7.17.4 and 8.0.0 through 8.2.3
Solutions and Mitigations:
The issue is fixed in versions 8.3.0 and 7.17.5.
If you are unable to upgrade, you can select to disable Vega visualizations :
For on premise installations, you can …
system
(system)
Closed
September 16, 2022, 7:39am
6
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.