CVE-2022-23711

Source
https://cve.org/CVERecord?id=CVE-2022-23711
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23711.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-23711
Published
2022-04-21T18:22:58Z
Modified
2026-07-15T02:11:14.455516349Z
Summary
[none]
Details

A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Elastic Stack monitoring features provide a way to keep a pulse on the health and performance of your Elasticsearch cluster. Authentication with a vulnerable Kibana instance is not required to view the exposed information. The Elastic Stack monitoring exposure only impacts users that have set any of the optional monitoring.ui.elasticsearch.* settings in order to configure Kibana as a remote UI for Elastic Stack Monitoring. The same vulnerability in Kibana could expose other non-sensitive application-internal information in the page source.

Database specific
{
    "cna_assigner": "elastic",
    "cwe_ids": [
        "CWE-200"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23711.json"
}
References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type
GIT
Repo
https://github.com/elastic/elasticsearch
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "7.2.1"
        },
        {
            "fixed": "7.17.3"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.1.3"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23711.json"

Git / github.com/elastic/kibana

Affected ranges

Type
GIT
Repo
https://github.com/elastic/kibana
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "7.2.1"
        },
        {
            "fixed": "7.17.3"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.1.3"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23711.json"