FS#70038 - [kibana] [Security] cross-site scripting (CVE-2020-26296)
Attached to Project:
Community Packages
Opened by Jonas Witschel (diabonas) - Wednesday, 17 March 2021, 11:36 GMT
Last edited by T.J. Townsend (blakkheim) - Saturday, 29 October 2022, 20:31 GMT
Details
Summary
=======
The package kibana is vulnerable to cross-site scripting via CVE-2020-26296.

Guidance
========
Upgrading Kibana to version 7.10.2 or higher (the latest version is 7.11.2 at the moment) fixes the issue.

References
==========
https://security.archlinux.org/AVG-1570
https://discuss.elastic.co/t/elastic-stack-7-11-0-and-6-8-14-security-update/263915
Closed by T.J. Townsend (blakkheim)
Saturday, 29 October 2022, 20:31 GMT
Reason for closing: Won't fix
Additional comments about closing: kibana was dropped to the AUR some time ago.
Comment by Jonas Witschel (diabonas) - Tuesday, 23 March 2021, 18:50 GMT
Another security issue (CVE-2021-22136) has been discovered:
https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125
Please upgrade Kibana to the fixed version 7.12.0.

Comment by Jonas Witschel (diabonas) - Tuesday, 27 April 2021, 19:35 GMT
Another denial of service security issue (CVE-2021-22139), fixed
in Kibana version 7.12.1:
https://discuss.elastic.co/t/7-12-1-security-update/271433

Comment by Jonas Witschel (diabonas) - Tuesday, 25 May 2021, 16:33 GMT
Two more security issues (CVE-2021-22141, CVE-2021-22142), fixed
in Kibana version 7.13.0:
https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964