
CVE-2022-23711

2022-04-21 18:22:58
CWE-200
elastic
www.cve.org

AI Score: 5.4 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 31.3%)

A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Elastic Stack monitoring features provide a way to keep a pulse on the health and performance of your Elasticsearch cluster. Authentication with a vulnerable Kibana instance is not required to view the exposed information. The Elastic Stack monitoring exposure only impacts users that have set any of the optional monitoring.ui.elasticsearch.* settings in order to configure Kibana as a remote UI for Elastic Stack Monitoring. The same vulnerability in Kibana could expose other non-sensitive application-internal information in the page source.

CNA Affected

[
  {
    "product": "kibana",
    "vendor": "Elastic",
    "versions": [
      {
        "status": "affected",
        "version": "Versions 7.2.1 through 7.17.2 & 8.0.0 through 8.1.2"
      }
    ]
  }
]
