← Volver a CVEs
CVE-2022-23707
MEDIUM5.4
Descripcion
An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users
Detalles CVE
Puntuacion CVSS v3.15.4
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado2/11/2022
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
elastic:kibana
Debilidades (CWE)
CWE-79CWE-79
Referencias
https://discuss.elastic.co/t/kibana-7-17-0-security-update/296215(security@elastic.co)
https://discuss.elastic.co/t/kibana-7-17-0-security-update/296215(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.