A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Elastic Stack monitoring features provide a way to keep a pulse on the health and performance of your Elasticsearch cluster. Authentication with a vulnerable Kibana instance is not required to view the exposed information. The Elastic Stack monitoring exposure only impacts users that have set any of the optional monitoring.ui.elasticsearch.* settings in order to configure Kibana as a remote UI for Elastic Stack Monitoring. The same vulnerability in Kibana could expose other non-sensitive application-internal information in the page source.
Fix in 7.17.3 and 8.1.3.
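A configuration check for the condition described in the report, as an added example that is not part of the original bug thread or of Elastic's or Gentoo's code: it looks for any `monitoring.ui.elasticsearch.*` setting in `kibana.yml` text and compares the Kibana version with the fixed releases. The sample configs and hostnames are constructed, and treating every 7.x or 8.x release below the fixed one as unfixed is an assumption, since the page gives no lower bound.

```python
import re

FIXED = {7: (7, 17, 3), 8: (8, 1, 3)}      # fixed releases named in the report
PREFIX = "monitoring.ui.elasticsearch."    # settings that make the exposure sensitive

def flat_keys(yaml_text):
    """Dotted key paths from kibana.yml text; handles flat 'a.b.c: v' keys and
    nested block mappings (minimal parser: no anchors, flow maps or quoted keys)."""
    stack, keys = [], []                   # stack: (indent, key) of open parents
    for raw in yaml_text.splitlines():
        line = raw.split(" #")[0].rstrip() # drop trailing comments
        m = re.match(r"^(\s*)([\w.\-]+)\s*:(?:\s+(.*))?$", line)
        if not m:                          # blank, comment or list-item line
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()                    # close mappings we have left
        keys.append(".".join([k for _, k in stack] + [key]))
        if not value:                      # key opens a nested mapping or list
            stack.append((indent, key))
    return keys

def assess(version, yaml_text):
    """Return (status, matching monitoring.ui.elasticsearch.* keys)."""
    hits = [k for k in flat_keys(yaml_text) if k.startswith(PREFIX)]
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    parts = tuple(map(int, m.groups())) if m else (0, 0, 0)
    if parts[0] not in FIXED:
        return "not-assessed", hits        # report names only 7.x and 8.x fixes
    if parts >= FIXED[parts[0]]:
        return "fixed", hits
    # Unfixed: sensitive only if remote monitoring UI settings are present;
    # otherwise the page source still leaks non-sensitive internal data.
    return ("monitoring-exposure" if hits else "upgrade-advised"), hits

# Constructed sample configurations (not taken from the report).
SAMPLE_NESTED = """
server.host: "0.0.0.0"
# monitoring.ui.elasticsearch.hosts: ["https://old.example.test:9200"]
monitoring:
  ui:
    elasticsearch:
      hosts:
        - "https://mon.example.test:9200"
      username: kibana_system  # constructed value
"""
SAMPLE_FLAT = 'monitoring.ui.elasticsearch.hosts: ["https://mon.example.test:9200"]\n'

if __name__ == "__main__":
    for ver, cfg in (("7.17.2", SAMPLE_NESTED), ("8.1.3", SAMPLE_FLAT)):
        print(ver, *assess(ver, cfg))
```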
The bug has been referenced in the following commit(s):
Author: Tomáš Mózes <firstname.lastname@example.org>
AuthorDate: 2022-04-23 10:35:17 +0000
Commit: Joonas Niilola <email@example.com>
CommitDate: 2022-04-24 07:57:13 +0000
app-misc/elasticsearch: bump to 7.17.3
Signed-off-by: Tomáš Mózes <firstname.lastname@example.org>
Signed-off-by: Joonas Niilola <email@example.com>
app-misc/elasticsearch/Manifest | 1 +
app-misc/elasticsearch/elasticsearch-7.17.3.ebuild | 83 ++++++++++++++++++++++
2 files changed, 84 insertions(+)
Thanks, all done!