Vulnerability Description
A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Elastic Stack monitoring features provide a way to keep a pulse on the health and performance of your Elasticsearch cluster. Authentication with a vulnerable Kibana instance is not required to view the exposed information. The Elastic Stack monitoring exposure only impacts users that have set any of the optional monitoring.ui.elasticsearch.* settings in order to configure Kibana as a remote UI for Elastic Stack Monitoring. The same vulnerability in Kibana could expose other non-sensitive application-internal information in the page source.
CVSS Score
5.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Elastic | Kibana | >= 7.2.1, < 7.17.3 |
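
A defender-side check for the two conditions stated above (a version in the affected range and any monitoring.ui.elasticsearch.* setting present), added here as an example and not taken from Elastic or the advisory. The sample kibana.yml snippets and hostnames are constructed, and the version range is the one listed in the table above.

```python
import re

# Affected range copied from the Affected Products table on this page.
AFFECTED_MIN, FIXED_IN = (7, 2, 1), (7, 17, 3)
PREFIX = "monitoring.ui.elasticsearch."
KEY_LINE = re.compile(r"^(\s*)([A-Za-z0-9_][\w.\-]*)\s*:(.*)$")

def version_affected(version):
    """True if a Kibana version string falls in the affected range above."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return AFFECTED_MIN <= tuple(map(int, m.groups())) < FIXED_IN

def monitoring_ui_keys(yaml_text):
    """Active monitoring.ui.elasticsearch.* keys in kibana.yml text. Narrow scanner:
    flat dotted keys and space-indented nested mappings only, no flow style."""
    stack, found = [], []  # stack: (indent, key) of currently open parents
    for line in yaml_text.splitlines():
        m = KEY_LINE.match(line)
        if not m:  # comments, list items and blank lines carry no key
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip()
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave mappings that ended at this indent
        full = ".".join([k for _, k in stack] + [key])
        if full.startswith(PREFIX):
            found.append(full)
        if value == "" or value.startswith("#"):
            stack.append((indent, key))  # a nested mapping or list follows
    return found

def exposed(version, yaml_text):
    """Both conditions from the description: affected version, setting present."""
    return version_affected(version) and bool(monitoring_ui_keys(yaml_text))

# Constructed sample configs (hostnames are placeholders, not real systems).
FLAT = '''server.host: "0.0.0.0"
# monitoring.ui.elasticsearch.hosts: ["https://old.example.internal:9200"]
monitoring.ui.elasticsearch.hosts: ["https://mon.example.internal:9200"]
'''
NESTED = '''monitoring:
  ui:
    elasticsearch:
      hosts:
        - "https://mon.example.internal:9200"
    enabled: true
'''
```
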
References
- https://discuss.elastic.co/t/kibana-7-17-3-and-8-1-3-security-update/302826 (Vendor Advisory)
FAQ
What is CVE-2022-23711?
CVE-2022-23711 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Elastic Stack monitoring features provide a way to keep a pulse on the healt...
How severe is CVE-2022-23711?
CVE-2022-23711 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-23711?
Check the references section above for vendor advisories and patch information. Affected products include: Elastic Kibana.