CVE-2018-3821

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-3821

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-3821.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-3821

Published

2018-03-30T20:29:00.443Z

Modified

2026-04-10T04:10:31.608491Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

References

https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683

Affected packages

Git / github.com/elastic/kibana

Affected ranges

Type

GIT

Repo

https://github.com/elastic/kibana

Events

Introduced

Fixed

8221b17926966fd1e433367d6f725a69f321d5ad

Introduced

f8bc449f5a6b28d0597730b1cf03fefe7e33422e

Fixed

3db3deaf7462e4deb623412b331718062bae3d77

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.6.7"
        },
        {
            "introduced": "6.0.0"
        },
        {
            "fixed": "6.1.3"
        }
    ]
}

Affected versions

v4.*

v4.0.0-beta1

v4.0.0-beta1.1

v4.0.0-beta2

v4.0.0-beta3

v4.2.0-beta1

v5.*

v5.0.0-alpha5

v5.6.0

v5.6.1

v5.6.2

v5.6.3

v5.6.4

v5.6.5

v5.6.6

v6.*

v6.0.0-alpha1

v6.0.0-alpha2

v6.1.0

v6.1.1

v6.1.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-3821.json"