CVE-2021-22142

{"id": "CVE-2021-22142", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "bressers@elastic.co", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-11-22T01:15:07.210", "references": [{"url": "https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964/1", "tags": ["Vendor Advisory"], "source": "bressers@elastic.co"}, {"url": "https://www.elastic.co/community/security", "tags": ["Vendor Advisory"], "source": "bressers@elastic.co"}, {"url": "https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964/1", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.elastic.co/community/security", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "bressers@elastic.co", "description": [{"lang": "en", "value": "CWE-1104"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content."}, {"lang": "es", "value": "Kibana contiene una versi\u00f3n integrada del navegador Chromium que la funci\u00f3n de informes utiliza para generar informes descargables. Si un usuario con permisos para generar informes puede representar HTML arbitrario con este navegador, es posible que pueda aprovechar las vulnerabilidades conocidas de Chromium para realizar m\u00e1s ataques. Kibana contiene una serie de protecciones para evitar que este navegador muestre contenido arbitrario."}], "lastModified": "2024-11-21T05:49:35.293", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59FC20DF-243E-4BC1-B48B-941728841B72", "versionEndExcluding": "7.13.0", "versionStartIncluding": "7.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "bressers@elastic.co"}