Kibana Chromium Rendering Exploit via Reporting Feature
CVE-2021-22142 Published on November 22, 2023
Kibana Reporting vulnerabilities
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content.
Vulnerability Analysis
CVE-2021-22142 is exploitable with network access and requires user privileges. This vulnerability is considered to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Use of Unmaintained Third Party Components
The product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy for the original developer.
Products Associated with CVE-2021-22142
Affected Versions
Elastic Kibana: versions from 7.0.0 up to, but not including, 7.13.0 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.