Skip to content

Kibana Sensitive Data Disclosure

Moderate severity GitHub Reviewed Published May 24, 2022 to the GitHub Advisory Database • Updated Jul 11, 2023

Package

npm kibana (npm)

Affected versions

>= 7.8.0, <= 7.15.1

Patched versions

7.15.2

Description

It was discovered that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. Using this vulnerability, a malicious user with the ability to create connectors, could utilize these connectors to view limited HTTP response data on hosts accessible to the cluster.

References

Published by the National Vulnerability Database Nov 18, 2021
Published to the GitHub Advisory Database May 24, 2022
Reviewed Jul 11, 2023
Last updated Jul 11, 2023

Severity

Moderate

EPSS score

0.054%
(24th percentile)

Weaknesses

CVE ID

CVE-2021-37939

GHSA ID

GHSA-hp5f-qqrw-c8gj

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.