Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: elastic
Published: 2023-11-22T01:00:25.568Z
Updated: 2024-08-03T18:37:17.271Z
Reserved: 2021-01-04T20:17:39.856Z
Link: CVE-2021-22142
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-11-22T01:15:07.210
Modified: 2023-12-01T18:43:20.167
Link: CVE-2021-22142
Redhat