CVE-2021-22141 — Vulnetix

CVE-2021-22141 PUBLISHED CVSS 6.099999904632568 MEDIUM

An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary website.

EPSS 0.24% · 47.1th percentile

Risk Scores

CVSS v3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

0.24%

47.1th percentile

Affected Products

Vendor	Product	Versions
elastic	kibana	7.0.0, 0
Elastic	Kibana	All versions of Kibana before 7.13.0 and 6.8.16.

Timeline

Nov 18, 2022 CVE Published
Nov 19, 2022 EPSS Score
Jan 1, 2023 EPSS Score
Feb 12, 2023 EPSS Score
Mar 27, 2023 EPSS Score
May 8, 2023 EPSS Score
Jun 20, 2023 EPSS Score
Aug 2, 2023 EPSS Score
Sep 13, 2023 EPSS Score
Oct 26, 2023 EPSS Score
Jan 19, 2024 EPSS Score
Mar 2, 2024 EPSS Score

References

https://www.elastic.co/community/security/ url
https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964 url
https://nvd.nist.gov/vuln/detail/CVE-2021-22141 advisory
https://www.elastic.co/community/security url

Open in Interactive Console →