
Bug 897948 (CVE-2022-38779)

Summary: <www-apps/kibana-bin-7.17.9: arbitrary redirect
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: hydrapolic, proxy-maint
Priority: Normal
Keywords: PullRequest
Version: unspecified
Hardware: All
OS: Linux
URL: https://discuss.elastic.co/t/kibana-7-17-9-and-8-6-2-security-update/325782
See Also: https://github.com/gentoo/gentoo/pull/30017
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-02-26 17:56:55 UTC
CVE-2022-38779:

An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.

Please bump to 7.17.9.
Comment 1 Larry the Git Cow gentoo-dev 2023-03-11 16:26:38 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0acc1ed17c0be136efc46815b0311c78e2a0d3f5

commit 0acc1ed17c0be136efc46815b0311c78e2a0d3f5
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2023-03-09 13:21:01 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-03-11 16:23:52 +0000

    www-apps/kibana-bin: add 7.17.9, drop old
    
    Bug: https://bugs.gentoo.org/897948
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 www-apps/kibana-bin/Manifest                       |  3 +-
 www-apps/kibana-bin/kibana-bin-7.17.7.ebuild       | 94 ----------------------
 ...-bin-7.17.8.ebuild => kibana-bin-7.17.9.ebuild} |  0
 3 files changed, 1 insertion(+), 96 deletions(-)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-19 03:45:25 UTC
Thanks! All done