Test ID:	1.3.6.1.4.1.25623.1.0.126336
Category:	Web application abuses
Title:	Elastic Kibana 7.0.0 < 7.17.8, 8.0.0 < 8.5.0 RCE Vulnerability (ESA-2022-12)
Summary:	Kibana is prone to a remote code execution (RCE); vulnerability in the headless Chromium browser that Kibana relies on for its reporting capabilities.
Description:	Summary: Kibana is prone to a remote code execution (RCE) vulnerability in the headless Chromium browser that Kibana relies on for its reporting capabilities. Vulnerability Insight: The vulnerability in Chromium is not exploitable on its own but could be exploited via an additional cross-site scripting (XSS) in some of affected versions of Kibana with the worst impact being remote code execution (RCE) with an attacker executing arbitrary commands with permissions of the Kibana process. Affected Software/OS: Kibana version 7.0.0 prior to 7.17.8 and 8.0.0 prior to 8.5.0. Solution: Update to version 7.17.8, 8.5.0 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-1364 https://security.gentoo.org/glsa/202208-25 https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html https://crbug.com/1315901
Copyright	Copyright (C) 2023 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.