Description: "Kibana versions before 7.12.1 contain a denial of service vulnerability in the webhook actions due to a lack of timeout or a limit on the request size. An attacker with permissions to create webhook actions could drain the Kibana host connection pool, making Kibana unavailable for all other users."

Please clean up.
* CVE-2021-22136 Description: "In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users' sessions, preventing a user session from timing out." https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5f6973c83de46d9d9281649fe72ad28d28c927be

commit 5f6973c83de46d9d9281649fe72ad28d28c927be
Author:     Ferenc Erki <erkiferenc@gmail.com>
AuthorDate: 2021-05-29 19:04:33 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-05-31 08:15:48 +0000

    www-apps/kibana-bin: drop vulnerable

    Bug: https://bugs.gentoo.org/790290
    Signed-off-by: Ferenc Erki <erkiferenc@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/21042
    Signed-off-by: Sam James <sam@gentoo.org>

 www-apps/kibana-bin/Manifest                 |  2 -
 www-apps/kibana-bin/kibana-bin-7.10.2.ebuild | 90 ----------------------------
 2 files changed, 92 deletions(-)
All done, thanks!