CVE-2018-3830

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-3830
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-3830.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-3830
Related
Published
2018-09-19T19:29:01Z
Modified
2024-09-02T23:31:17Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type
GIT
Repo
https://github.com/elastic/elasticsearch
Events
Introduced
3adb13b1f49935973b974a2517caa0d4d59bf4d0
Last affected
e36acdb78ec6499be861ae1b2dac264cce2f8b10
Type
GIT
Repo
https://github.com/elastic/kibana
Events
Introduced
ce7908cdac87af1e3b02ac4038fc3985602cf95a
Last affected
2872c74872c54d91e3e00b67c7bbc61659df0ba7