| Max CVSS | 10.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-7609 | 10.0 |
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly le
|
24-07-2024 - 16:58 | 25-03-2019 - 19:29 | |
| CVE-2019-7611 | 6.8 |
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.securi
|
19-10-2020 - 18:10 | 25-03-2019 - 19:29 | |
| CVE-2019-7612 | 5.0 |
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as p
|
05-10-2020 - 20:38 | 25-03-2019 - 19:29 | |
| CVE-2019-7608 | 4.3 |
Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
|
27-09-2019 - 05:15 | 25-03-2019 - 19:29 | |
| CVE-2019-7610 | 9.3 |
Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascrip
|
30-07-2019 - 22:15 | 25-03-2019 - 19:29 |