CVE-2021-22142

CVSS V2 None CVSS V3 None

Description

Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content.

Overview

CVE ID
CVE-2021-22142

Assigner
elastic

Vulnerability Status
PUBLISHED

Published Version
2023-11-22T01:00:25.568Z

Last Modified Date
2023-11-22T01:00:25.568Z

Weakness Enumerations

CWE	URL
CWE-1104	http://cwe.mitre.org/data/definitions/1104.html

References

Reference URL	Reference Tags
https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964/1
https://www.elastic.co/community/security

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2021-22142
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22142

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 16:28:02				Added to TrackCVE