Vulnerability Description
Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Elastic | Kibana | >= 5.3.0, <= 6.4.1 |
| Redhat | Openshift Container Platform | 3.11 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2018:3537Third Party Advisory
- https://discuss.elastic.co/t/elastic-stack-6-4-1-and-5-6-12-security-update/1490Release NotesVendor Advisory
- https://www.elastic.co/community/securityVendor Advisory
- https://access.redhat.com/errata/RHSA-2018:3537Third Party Advisory
- https://discuss.elastic.co/t/elastic-stack-6-4-1-and-5-6-12-security-update/1490Release NotesVendor Advisory
- https://www.elastic.co/community/securityVendor Advisory
FAQ
What is CVE-2018-3830?
CVE-2018-3830 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive ac...
How severe is CVE-2018-3830?
CVE-2018-3830 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-3830?
Check the references section above for vendor advisories and patch information. Affected products include: Elastic Kibana, Redhat Openshift Container Platform.