CVE-2017-8440

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-8440

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8440.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-8440

Published

2017-06-05T14:29:00.357Z

Modified

2026-03-14T01:36:00.641258Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

References

Affected packages

Git / github.com/elastic/kibana

Affected ranges

Type

GIT

Repo

https://github.com/elastic/kibana

Events

Introduced

Last affected

ce7908cdac87af1e3b02ac4038fc3985602cf95a

Introduced

Last affected

b7417c4d48eb56df8d5448a2eea14dd56356c28a

Introduced

Last affected

6c330d3c77b0af1c5a29302e0a7a45f33fcb6869

Introduced

Last affected

75afc9fbb024df55fa01acd1a4c2f76d44961746

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.3.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.3.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.3.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.4.0"
        }
    ]
}

Affected versions

v4.*

v4.0.0

v4.0.0-beta1

v4.0.0-beta1.1

v4.0.0-beta2

v4.0.0-beta3

v4.0.0BETA1

v4.1.0

v4.2.0-beta1

v5.*

v5.0.0-alpha5

v5.3.0

v5.4.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8440.json"