| Max CVSS | 6.5 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-8439 | 4.3 |
Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. This bug could allow an attacker to obtain sensitive information from Kibana users.
|
14-08-2020 - 17:12 | 05-06-2017 - 14:29 | |
| CVE-2017-8440 | 4.3 |
Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
|
14-08-2020 - 17:12 | 05-06-2017 - 14:29 | |
| CVE-2017-8441 | 4.0 |
Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing cer
|
09-10-2019 - 23:30 | 05-06-2017 - 14:29 | |
| CVE-2017-8438 | 6.5 |
Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transitioning into the specified user specified in a run_as request. If a role has been created using a template that co
|
09-10-2019 - 23:30 | 05-06-2017 - 14:29 |