Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
{
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "5.6.7"
},
{
"introduced": "6.0.0"
},
{
"fixed": "6.1.3"
}
],
"cpe": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*"
}{
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "5.6.7"
},
{
"introduced": "6.0.0"
},
{
"fixed": "6.1.3"
}
],
"cpe": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*"
}