Bug 833151 (CVE-2022-23707)

Summary:	<www-apps/kibana-bin-7.17.1: authenticated XSS via index patterns
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	trivial	CC:	hydrapolic, proxy-maint
Priority:	Normal	Keywords:	PullRequest
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://discuss.elastic.co/t/kibana-7-17-0-security-update/296215
See Also:	https://github.com/gentoo/gentoo/pull/24589
Whiteboard:	~3 [noglsa]
Package list:		Runtime testing required:	---

Description John Helmert III archtester

2022-02-12 03:38:51 UTC

CVE-2022-23707:

An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users

Please bump to 7.17.0.

Comment 1 Larry the Git Cow gentoo-dev

2022-03-16 22:35:14 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=982defdebb8ec36e0c86ee739c55bc4f5d450a88

commit 982defdebb8ec36e0c86ee739c55bc4f5d450a88
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2022-03-15 18:56:59 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-03-16 22:33:39 +0000

    www-apps/kibana-bin: bump to 7.17.1
    
    Bug: https://bugs.gentoo.org/833151
    Bug: https://bugs.gentoo.org/834543
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 www-apps/kibana-bin/Manifest                 |  1 +
 www-apps/kibana-bin/kibana-bin-7.17.1.ebuild | 91 ++++++++++++++++++++++++++++
 2 files changed, 92 insertions(+)

Comment 2 John Helmert III archtester

2022-03-18 01:12:22 UTC

Thanks! Please cleanup.

Comment 3 Tomáš Mózes 2022-10-23 08:44:19 UTC

Tree clean

Comment 4 John Helmert III archtester

2022-10-23 15:06:05 UTC

Thank you!