CVE-2022-23707

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-23707

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23707.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-23707

Published

2022-02-11T18:15:11.797Z

Modified

2026-02-06T22:25:46.111841Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users

References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type: GIT
Repo: https://github.com/elastic/elasticsearch
Events: Introduced

3ae9ac9a93c95bd0cdc054951cf95d88e1e18d96

Fixed

bee86328705acaa9a6daede7140defd4d9ec56bd

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23707.json"

Git / github.com/elastic/kibana

Affected ranges

Type: GIT
Repo: https://github.com/elastic/kibana
Events: Introduced

6d05841a418cfec4a88f0afbee172bccd9f0cded

Fixed

60a9838d21b6420bbdb5a4d07099111b74c68ceb

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23707.json"