CVE-2018-3830

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-3830

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-3830.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-3830

Downstream

RHSA-2018:3537

Published

2018-09-19T19:29:01.203Z

Modified

2026-03-15T22:28:36.944613Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

References

Affected packages

Git / github.com/elastic/kibana

Affected ranges

Type

GIT

Repo

https://github.com/elastic/kibana

Events

Introduced

ce7908cdac87af1e3b02ac4038fc3985602cf95a

Last affected

2872c74872c54d91e3e00b67c7bbc61659df0ba7

Database specific

{
    "versions": [
        {
            "introduced": "5.3.0"
        },
        {
            "last_affected": "6.4.1"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-3830.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.11"
            }
        ]
    }
]