CVE-2019-7608

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 19-02-2018 01:00

Last modified: - 19-02-2018 01:00

Total changes: - 14

Description

CVE-2019-7608 kibana: Cross-site scripting vulnerability permits perform destructive actions on behalf of other Kibana users

Common Vulnerability Scoring System (CVSS)

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N

High

Attack complexity

Network

Attack vector

None

Availability

None

Confidentiality

High

Integrity

None

Privileges required

Changed

Scope

Required

User interaction

6.1

Base score

Exploitability score

Impact score

Verification logic

OR

AND

product=openshift3/apb-base AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/apb-tools AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/automation-broker-apb AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/csi-attacher AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/csi-driver-registrar AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/csi-livenessprobe AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/csi-provisioner AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/grafana AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/jenkins-slave-maven-rhel7 AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/jenkins-slave-nodejs-rhel7 AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/local-storage-provisioner AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/logging-fluentd AND versionEndExcluding=v3.11.146-4

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/manila-provisioner AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=MariaDB AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/mediawiki AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/mediawiki-apb AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/metrics-cassandra AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/metrics-hawkular-metrics AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/metrics-hawkular-openshift-agent AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/metrics-heapster AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/metrics-schema-installer AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/mysql-apb AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/node AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/oauth-proxy AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-ansible AND versionEndExcluding=v3.11.146-3

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-ansible-service-broker AND versionEndExcluding=v3.11.146-3

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-cli AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-cluster-autoscaler AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-cluster-capacity AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-cluster-monitoring-operator AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-configmap-reloader AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-console AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-control-plane AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-deployer AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-descheduler AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-docker-builder AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-docker-registry AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-efs-provisioner AND versionEndExcluding=v3.11.146-3

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-egress-dns-proxy AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-egress-http-proxy AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-egress-router AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-haproxy-router AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-hyperkube AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-hypershift AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-keepalived-ipfailover AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-kube-rbac-proxy AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-kube-state-metrics AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-logging-curator5 AND versionEndExcluding=v3.11.146-5

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-logging-elasticsearch5 AND versionEndExcluding=v3.11.146-4

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-logging-eventrouter AND versionEndExcluding=v3.11.146-4

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-logging-fluentd AND versionEndExcluding=v3.11.146-4

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-logging-kibana5 AND versionEndExcluding=v3.11.146-6

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-metrics-cassandra AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-metrics-hawkular-metrics AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-metrics-hawkular-openshift-agent AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-metrics-heapster AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-metrics-schema-installer AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-metrics-server AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-node AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-node-problem-detector AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-operator-lifecycle-manager AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-ovn-kubernetes AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-pod AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-prometheus-config-reloader AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-prometheus-operator AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-recycler AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-service-catalog AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-template-service-broker AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-tests AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/ose-web-console AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/postgresql-apb AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/prometheus AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/prometheus-alertmanager AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/prometheus-node-exporter AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/registry-console AND versionEndExcluding=v3.11.146-1

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/snapshot-controller AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=openshift3/snapshot-provisioner AND versionEndExcluding=v3.11.146-2

vendor=Red Hat Enterprise Linux AND product=openshift AND version=3.11

AND

product=kibana-0 AND versionEndExcluding=5.6.16-2.el7

vendor=Red Hat Enterprise Linux AND product=openshift AND version=4.1

Reference

Keywords

REDHAT

CVE-2019-7608

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.