It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server.

According to its self-reported version number, the Kibana application running on the remote host is prior to 7.14.1. It is, therefore, affected by : 

- A code execution vulnerability due to an older version of js-yaml (CVE-2021-22150)

- An HTML Injection due to a lack of sanitization of document fields containing html snippets (CVE-2021-22151)

- A Path Traversal through .pbf files (CVE-2021-37936)

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
113522	Kibana 7.9.0 < 7.14.1 Path Traversal	Web App Scanning	Component Vulnerability	high
113521	Kibana 7.10.2 < 7.14.1 Code Execution	Web App Scanning	Component Vulnerability	high
113520	Kibana 7.14.0 HTML Injection	Web App Scanning	Component Vulnerability	high

Detections

Analytics

CVE-2021-22150

high

Tenable Plugins

high

high

high