Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 552626

Summary: www-apps/kibana-bin: XSS vulnerability (CVE-2015-4093)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: hydrapolic, idella4
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2015-06-20 12:58:02 UTC 
CVE-2015-4093 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4093):
  Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x before
  4.0.3 allows remote attackers to inject arbitrary web script or HTML via
  unspecified vectors.
Comment 1 Ian Delaney (RETIRED) gentoo-dev 2015-06-22 08:27:23 UTC 
*kibana-bin-4.0.3 (22 Jun 2015)

  22 Jun 2015; Ian Delaney <idella4@gentoo.org> +kibana-bin-4.0.3.ebuild,
  -kibana-bin-4.0.1.ebuild, -kibana-bin-4.0.2.ebuild:
  bump; rm old
Comment 2 Tomáš Mózes 2015-10-09 13:56:46 UTC 
I believe this can be safely closed.
Comment 3 Ian Delaney (RETIRED) gentoo-dev 2015-10-10 04:59:49 UTC 
(In reply to Tomas Mozes from comment #2)
> I believe this can be safely closed.

Tomas note the big Note: just above the Description.
Comment 4 Tomáš Mózes 2015-10-10 06:05:43 UTC 
Yes, the security team is responsible for closing the bug, but since this bug has been resolved 4 months ago, I wanted to politely ping the security team. It wasn't meant for you ;)