Vulnerability Description
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Elastic | Kibana | >= 7.0.0, < 7.13.0 |
Related Weaknesses (CWE)
References
- https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273 (Vendor Advisory)
- https://www.elastic.co/community/security (Vendor Advisory)
FAQ
What is CVE-2021-22142?
CVE-2021-22142 is a vulnerability with a CVSS score of 6.6 (MEDIUM). Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbit...
How severe is CVE-2021-22142?
CVE-2021-22142 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-22142?
Check the references section above for vendor advisories and patch information. Affected products include: Elastic Kibana.