Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload.
CVSS Score
8.7
EPSS Score
0.001
Published
2025-10-07
URL redirection to an untrusted site ('Open Redirect') in Kibana can lead to sending a user to an arbitrary site and server-side request forgery via a specially crafted URL.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-06-25
Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint.
CVSS Score
7.6
EPSS Score
0.001
Published
2025-06-10
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted payload to a number of inputs in Kibana UI. This can be carried out by users with read access to any feature in Kibana.
CVSS Score
6.5
EPSS Score
0.003
Published
2025-01-23
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/metrics/snapshot. This can be carried out by users with read access to the Observability Metrics or Logs features in Kibana.
CVSS Score
6.5
EPSS Score
0.002
Published
2025-01-23
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/log_entries/summary. This can be carried out by users with read access to the Observability-Logs feature in Kibana.
CVSS Score
6.5
EPSS Score
0.003
Published
2025-01-21
An issue was discovered in Kibana where a user with Viewer role could cause a Kibana instance to crash by sending a large number of maliciously crafted requests to a specific endpoint.
CVSS Score
6.5
EPSS Score
0.004
Published
2024-07-30
A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery pack.
CVSS Score
4.9
EPSS Score
0.022
Published
2024-06-19
An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
CVSS Score
6.1
EPSS Score
0.004
Published
2024-06-14
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content.
CVSS Score
6.6
EPSS Score
0.005
Published
2023-11-22