Security

Barra de búsqueda
Volver a Security Alert

Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2022-38779

The following issues may affect the functionality of your Liferay DXP, Liferay Enterprise Search environment and your Elastic Stack.

Vulnerability Information

Kibana open redirect issue (ESA-2023-03)

An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.

Affected Versions:

Kibana Versions 7.0.0 through 7.17.8 and 8.0.0 through 8.6.1

Solutions and Mitigations:

The issue is resolved in versions 7.17.9 and 8.6.2

CVSSv3: 6.1(Medium) - AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVE ID: CVE-2022-38779

 

Search Engine Compatibility Matrix

Reference the information here for the detailed Elasticsearch compatibility including the compatible connector versions and required patch levels.

Source

https://discuss.elastic.co/t/kibana-7-17-9-and-8-6-2-security-update/325782

Elastic, Elasticsearch, and X-Pack are trademarks of Elasticsearch BV, registered in the U.S. and in other countries.

On this page