CVE-2022-23711: A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Elastic Stack monitoring features provide a way to keep a pulse on the health and performance of your Elasticsearch cluster. Authentication with a vulnerable Kibana instance is not required to view the exposed information. The Elastic Stack monitoring exposure only impacts users that have set any of the optional monitoring.ui.elasticsearch.* settings in order to configure Kibana as a remote UI for Elastic Stack Monitoring. The same vulnerability in Kibana could expose other non-sensitive application-internal information in the page source. Fix in 7.17.3 and 8.1.3.
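A triage check for the condition described above, as an added example (not code from Elastic or from the Gentoo tree): given a Kibana version and the text of its kibana.yml, it reports whether the instance predates the fixed releases and whether any monitoring.ui.elasticsearch.* setting is present, in flat or nested form. Assumptions: any 7.x or 8.x release older than the fixed version is treated as unfixed (the text above gives no lower bound), and the status labels, sample settings and hostnames are constructed for illustration.

```python
import re

# Fixed releases named in the advisory text, keyed by major version.
FIXED = {7: (7, 17, 3), 8: (8, 1, 3)}
PREFIX = "monitoring.ui.elasticsearch."
KEY_RE = re.compile(r"^(\s*)([A-Za-z_][\w.\-]*)\s*:(\s|$)")

def flatten_keys(yml_text):
    """Dotted key paths from kibana.yml text, flat or nested form.
    Minimal indentation-based reader, not a full YAML parser."""
    keys, stack = [], []  # stack: (indent, key) of enclosing mappings
    for raw in yml_text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw)  # drop comments
        m = KEY_RE.match(line)
        if not m:
            continue  # blank line, list item or continuation
        indent, key = len(m.group(1)), m.group(2)
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave mappings that are not parents of this key
        keys.append(".".join([k for _, k in stack] + [key]))
        stack.append((indent, key))
    return keys

def assess(version, yml_text):
    """Return (status, matching setting names) for one Kibana instance."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    v = tuple(map(int, m.groups())) if m else None
    if v is None or v[0] not in FIXED:
        return "unknown-version", []  # no fixed release named for this line
    if v >= FIXED[v[0]]:
        return "fixed", []
    hits = [k for k in flatten_keys(yml_text) if k.startswith(PREFIX)]
    return ("monitoring-info-exposed" if hits else "internal-info-only"), hits

# Constructed sample configs (hostnames are placeholders).
FLAT = """
server.host: "0.0.0.0"
monitoring.ui.elasticsearch.hosts: ["https://mon.example.internal:9200"]
#monitoring.ui.elasticsearch.username: "kibana_system"
"""
NESTED = """
monitoring:
  ui:
    elasticsearch:
      hosts:
        - "https://mon.example.internal:9200"
    container.elasticsearch.enabled: true
elasticsearch.hosts: ["http://localhost:9200"]
"""

if __name__ == "__main__":
    for ver, cfg in (("7.17.2", FLAT), ("8.1.2", NESTED), ("7.17.3", FLAT)):
        print(ver, *assess(ver, cfg))
```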
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fc96431e36c76038b6f3499bfcbcc9e51bbf75d4

commit fc96431e36c76038b6f3499bfcbcc9e51bbf75d4
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2022-04-23 10:35:17 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-04-24 07:57:13 +0000

    app-misc/elasticsearch: bump to 7.17.3

    Bug: https://bugs.gentoo.org/839981
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 app-misc/elasticsearch/Manifest | 1 +
 app-misc/elasticsearch/elasticsearch-7.17.3.ebuild | 83 ++++++++++++++++++++++
 2 files changed, 84 insertions(+)
Thanks, all done!