Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2022-23707

The following issues may affect the functionality of your Liferay DXP, Liferay Enterprise Search environment and your Elastic Stack.

Deployments which might be impacted

  • Kibana versions 7.5.1 through 7.16.3

Vulnerability Information

Kibana Cross-site scripting issue (ESA-2022-01)

An XSS vulnerability was found in Kibana index patterns. An authenticated user with permission to create index patterns can exploit it to inject malicious JavaScript into an index pattern, which could then execute against other users.

Affected Versions:

Versions 7.5.1 through 7.16.3
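
To check an inventory of Kibana nodes against this range, the following added example (not part of the original advisory, and not Liferay or Elastic code) classifies each node from its status JSON. It assumes the version is read from the `version.number` field of a Kibana `/api/status` response; the hostnames and response bodies are constructed samples.

```python
import json
import re

# Affected range stated in the advisory (inclusive on both ends).
FIRST_AFFECTED = (7, 5, 1)
LAST_AFFECTED = (7, 16, 3)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def parse_version(text):
    """Return (major, minor, patch); ignores suffixes such as -SNAPSHOT."""
    match = _VERSION_RE.match(str(text).strip())
    if not match:
        raise ValueError(f"unrecognised Kibana version: {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(version_text):
    return FIRST_AFFECTED <= parse_version(version_text) <= LAST_AFFECTED


def audit(status_documents):
    """Map host -> 'affected' / 'not affected' / 'unknown' from status JSON."""
    results = {}
    for host, body in status_documents.items():
        try:
            number = json.loads(body)["version"]["number"]
            results[host] = "affected" if is_affected(number) else "not affected"
        except (ValueError, KeyError, TypeError):
            # Unparseable response: flag for manual review, do not assume safe.
            results[host] = "unknown"
    return results


# Constructed sample responses (hostnames and bodies are made up; assumed shape).
SAMPLE = {
    "kibana-a.example.internal": '{"version": {"number": "7.16.3"}}',
    "kibana-b.example.internal": '{"version": {"number": "7.17.0"}}',
    "kibana-c.example.internal": '{"version": {"number": "7.5.0"}}',
    "kibana-d.example.internal": '{"version": {"number": "7.10.2-SNAPSHOT"}}',
    "kibana-e.example.internal": "<html>login required</html>",
}

if __name__ == "__main__":
    for host, verdict in sorted(audit(SAMPLE).items()):
        print(f"{host}: {verdict}")
```

Nodes reported as `unknown` did not return a parseable version and should be checked by hand rather than treated as unaffected.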

Solutions and Mitigations:

Customers on affected versions should upgrade to the latest version of Kibana.

CVSSv3: 8.1 - AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVE ID: CVE-2022-23707

Additional Information

N/A

Search Engine Compatibility Matrix

Elasticsearch 7.17.x has been added to the list of compatible versions. See the Search Engine Compatibility Matrix for detailed Elasticsearch compatibility information, including the compatible connector versions and required patch levels.

Vendor References

https://discuss.elastic.co/t/kibana-7-17-0-security-update/296215


Elastic, Elasticsearch, and X-Pack are trademarks of Elasticsearch BV, registered in the U.S. and in other countries.
