Vulnerability Details CVE-2021-22151
It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.1%
CVSS Severity
CVSS v3 Score 3.1
References
Products affected by CVE-2021-22151
-
cpe:2.3:a:elastic:kibana:7.10.0
-
cpe:2.3:a:elastic:kibana:7.10.1
-
cpe:2.3:a:elastic:kibana:7.10.2
-
cpe:2.3:a:elastic:kibana:7.11.0
-
cpe:2.3:a:elastic:kibana:7.11.1
-
cpe:2.3:a:elastic:kibana:7.11.2
-
cpe:2.3:a:elastic:kibana:7.12.0
-
cpe:2.3:a:elastic:kibana:7.12.1
-
cpe:2.3:a:elastic:kibana:7.13.0
-
cpe:2.3:a:elastic:kibana:7.13.1
-
cpe:2.3:a:elastic:kibana:7.14.0
-
cpe:2.3:a:elastic:kibana:7.9.0
-
cpe:2.3:a:elastic:kibana:7.9.1
-
cpe:2.3:a:elastic:kibana:7.9.2
-
cpe:2.3:a:elastic:kibana:7.9.3