CVE-2018-3830

2018-09-1919:29:01

Google

osv.dev

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.5%

JSON

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

References

access.redhat.com/errata/RHSA-2018:3537

discuss.elastic.co/t/elastic-stack-6-4-1-and-5-6-12-security-update/149035

www.elastic.co/community/security