CVE-2020-7015

Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users who edit the TSVB visualization.
References
Link Resource
https://www.elastic.co/community/security/ Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*

Information

Published : 2020-06-03 06:15

Updated : 2020-10-19 11:57


NVD link : CVE-2020-7015

Mitre link : CVE-2020-7015

Products Affected
No products.
CWE