CVE-2022-23709: A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this privilege could not modify alerting connectors. This effectively means that Read users could disable existing alerting rules.

CVE-2022-23710: A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser.

Fixes in 7.17.1, 8.0.1, 8.1.0
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=982defdebb8ec36e0c86ee739c55bc4f5d450a88

commit 982defdebb8ec36e0c86ee739c55bc4f5d450a88
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2022-03-15 18:56:59 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-03-16 22:33:39 +0000

    www-apps/kibana-bin: bump to 7.17.1

    Bug: https://bugs.gentoo.org/833151
    Bug: https://bugs.gentoo.org/834543
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 www-apps/kibana-bin/Manifest                 |  1 +
 www-apps/kibana-bin/kibana-bin-7.17.1.ebuild | 91 ++++++++++++++++++++++++++++
 2 files changed, 92 insertions(+)
Tree clean
Thank you!