Denial Of Service (DoS)

2020-07-2804:20:54

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

35.4%

JSON

kibana is vulnerable to denial of service (DoS). The vulnerability exists as the timelion labels could be used to cause slowdowns when parsed through the RegExp object.

CPENameOperatorVersion
kibanale6.8.10
kibanale7.8.0
kibanale6.8.10
kibanale7.8.0

Name	Operator	Version
kibana	le	6.8.10
kibana	le	7.8.0
kibana	le	6.8.10
kibana	le	7.8.0

References

discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786

github.com/elastic/kibana/commit/0d7471f74166abbdf95db0f0bb4079883d083dd7

github.com/elastic/kibana/commit/de358b62f8845cebd1cd3530d9ebf123a89b9b1b

www.elastic.co/community/security#ESA-2020-09

www.elastic.co/community/security/

www.oracle.com//security-alerts/cpujul2021.html

0.001 Low

EPSS

Percentile

35.4%

JSON

Related for VERACODE:25967