552626 – www-apps/kibana-bin: XSS vulnerability (CVE-2015-4093)

Bug 552626 - www-apps/kibana-bin: XSS vulnerability (CVE-2015-4093)

Summary: www-apps/kibana-bin: XSS vulnerability (CVE-2015-4093)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	~4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2015-06-20 12:58 UTC by GLSAMaker/CVETool Bot
Modified:	2016-01-17 17:29 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2015-06-20 12:58:02 UTC

CVE-2015-4093 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4093):
  Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x before
  4.0.3 allows remote attackers to inject arbitrary web script or HTML via
  unspecified vectors.

Comment 1 Ian Delaney (RETIRED) gentoo-dev

2015-06-22 08:27:23 UTC

*kibana-bin-4.0.3 (22 Jun 2015)

  22 Jun 2015; Ian Delaney <idella4@gentoo.org> +kibana-bin-4.0.3.ebuild,
  -kibana-bin-4.0.1.ebuild, -kibana-bin-4.0.2.ebuild:
  bump; rm old

Comment 2 Tomáš Mózes 2015-10-09 13:56:46 UTC

I believe this can be safely closed.

Comment 3 Ian Delaney (RETIRED) gentoo-dev

2015-10-10 04:59:49 UTC

(In reply to Tomas Mozes from comment #2)
> I believe this can be safely closed.

Tomas note the big Note: just above the Description.

Comment 4 Tomáš Mózes 2015-10-10 06:05:43 UTC

Yes, the security team is responsible for closing the bug, but since this bug has been resolved 4 months ago, I wanted to politely ping the security team. It wasn't meant for you ;)