6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.5%
Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
access.redhat.com/errata/RHSA-2018:3537
discuss.elastic.co/t/elastic-stack-6-4-1-and-5-6-12-security-update/149035
www.elastic.co/community/security