kibana vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the kibana package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Open Redirect	<7.17.29>=8.0.0 <8.17.8>=8.18.0 <8.18.3>=9.0.0 <9.0.3
H Incorrect Authorization	>=9.0.0 <9.0.6>=9.1.0 <9.1.3
M Cross-site Scripting (XSS)	>=7.0.0 <8.18.8>=8.19.0 <8.19.4>=9.0.0 <9.0.7>=9.1.0 <9.1.4
M Cross-site Scripting (XSS)	<8.18.8>=8.19.0 <8.19.5>=9.0.0 <9.0.8>=9.1.0 <9.1.5
M Insufficiently Protected Credentials	<8.1.0>=8.14.0 <8.18.8>=8.19.0 <8.19.5>=9.0.0 <9.0.8>=9.1.0 <9.1.5
M Cross-site Scripting (XSS)	>=7.0.0 <8.18.8>=8.19.0 <8.19.5>=9.0.0 <9.0.8>=9.1.0 <9.15
H Allocation of Resources Without Limits or Throttling	>=7.17.0 <8.15.1
H Missing Authorization	<8.12.1
M Prototype Pollution	>=8.3.0 <8.17.6>=8.18.0 <8.18.1>=9.0.0 <9.0.1
M Arbitrary File Upload	>=7.17.6 <7.17.24>=8.4.0 <8.12.0
M Arbitrary File Upload	>=7.17.0 <7.17.19>=8.0.0 <8.13.0
M Prototype Pollution	>=8.16.1 <8.16.4>=8.17.0 <8.17.2
C Prototype Pollution	>=8.15.0 <8.17.3
H Allocation of Resources Without Limits or Throttling	<7.17.23>=8.0.0 <8.15.0
M Information Exposure	>=8.0.0 <8.15.0
M Server-side Request Forgery (SSRF)	>=8.7.0 <8.15.0
H Allocation of Resources Without Limits or Throttling	<7.17.23>=8.0.0 <8.15.0
H Allocation of Resources Without Limits or Throttling	<7.17.23>=8.0.0 <8.14.2
C Deserialization of Untrusted Data	>=8.10.0 <8.15.1
C Deserialization of Untrusted Data	>=8.15.0 <8.15.1
H Prototype Pollution	>=7.7.0 <7.17.23>=8.0.0 <8.14.2
H Denial of Service (DoS)	>=7.0.0 <7.17.23>=8.0.0 <8.14.0
M Allocation of Resources Without Limits or Throttling	<7.17.22>=8.0.0-alpha1 <8.14.0
M URL Redirection to Untrusted Site ('Open Redirect')	<7.17.22>=8.0.0-alpha1 <8.14.0
M Uncontrolled Resource Consumption ('Resource Exhaustion')	>=8.6.3 <8.14.0
M Improper Access Control	>=8.0.0 <8.12.1
H Insertion of Sensitive Information into Log File	>=7.13.0 <7.17.16>=8.0.0 <8.11.2
H Information Exposure Through Log Files	>=8.0.0 <8.11.1
M Use of Unmaintained Third Party Components	>=7.0.0 <7.13.0
M Arbitrary Code Injection	>=7.10.2 <7.14.0
L Directory Traversal	>=7.9.0 <7.14.1
C Insertion of Sensitive Information into Log File	>=8.10.0 <8.10.1
M Cleartext Transmission of Sensitive Information	>=7.8.0 <7.15.2
H Denial of Service (DoS)	>=7.0.0 <7.17.9>=8.0.0 <8.6.1
C Arbitrary Code Injection	>=8.7.0 <8.7.1
H Arbitrary Code Injection	>=8.0.0 <8.7.1
M Improper Input Validation	>=7.10.2 <7.14.1
M Open Redirect	<6.8.16>=7.0.0 <7.13.0
M Prototype Pollution	>=6.7.0 <6.8.9>=7.0.0 <7.6.3
M Prototype Pollution	<6.8.9<7.7.0
C Cross-site Scripting (XSS)	<6.8.10>=7.7.0 <7.7.1
M Information Exposure	>=5.0.0 <5.0.2
M Cross-site Request Forgery (CSRF)	<4.1.3>=4.2.0 <4.2.1
M Cross-site Scripting (XSS)	>=4.1.0 <4.1.11>=4.5.0 <4.5.4
M Cross-site Scripting (XSS)	>=4.3.0 <4.6.2
M Open Redirect	<4.6.2>=5.0.0 <5.0.1
M Arbitrary Command Execution	<5.3.13>=6.4.0 <6.4.3
M Cross-site Scripting (XSS)	>=5.1.1 <5.6.6>=6.0.0 <6.1.2
H Denial of Service (DoS)	>=5.0.0 <5.2.1
M Cross-site Scripting (XSS)	<5.4.1
M Cross-site Scripting (XSS)	>=6.1.0 <6.1.3
M Open Redirect	>=5.1.1 <5.6.7>=6.0.0 <6.1.3
M Cross-site Scripting (XSS)	>=5.1.1 <5.6.7>=6.0.0 <6.1.3
M Cross-site Scripting (XSS)	<5.6.5>=6 <6.0.1
M Open Redirect	<5.6.5>=6 <6.0.1
M Open Redirect	<5.3.1
H Denial of Service (DoS)	<5.2.1
M Cross-site Scripting (XSS)	>=5.3.0 <5.3.3>=5.4.0 <5.4.1
M Information Exposure	<5.4.3
M Cross-site Scripting (XSS)	<5.6.1
M Cross-site Scripting (XSS)	<5.0.0-alpha5

Vulnerability

Vulnerable Version

Open Redirect