Description:
Web App Scanning Plugin ID 114638 with Medium Severity
Synopsis
Kibana 7.x < 7.17.23 Denial Of Service
Description
According to its self-reported version number, the Kibana application running on the remote host is 7.x prior to 7.17.23 or 8.x prior to 8.14.0. It is, therefore, affected by a denial of service that can be triggered by sending a large number of maliciously crafted requests to a specific endpoint. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Kibana version 7.17.23 or later.
Read more at https://www.tenable.com/plugins/was/114638
March 11th, 2025 (4 months ago)
Description:
Web App Scanning Plugin ID 114639 with Medium Severity
Synopsis
Kibana 8.x < 8.14.0 Multiple Vulnerabilities
Description
According to its self-reported version number, the Kibana application running on the remote host is 7.x prior to 7.17.22 or 8.x prior to 8.14.0. It is, therefore, affected by multiple vulnerabilities:
- A high-privileged user allowed to create custom osquery packs could affect the availability of Kibana by uploading a maliciously crafted osquery pack.
- An open redirect that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Kibana version 8.14.0 or later.
Read more at https://www.tenable.com/plugins/was/114639
March 11th, 2025 (4 months ago)
Description:
Web App Scanning Plugin ID 114640 with Medium Severity
Synopsis
Kibana 7.x < 7.17.22 Multiple Vulnerabilities
Description
According to its self-reported version number, the Kibana application running on the remote host is 7.x prior to 7.17.22 or 8.x prior to 8.14.0. It is, therefore, affected by multiple vulnerabilities:
- A high-privileged user allowed to create custom osquery packs could affect the availability of Kibana by uploading a maliciously crafted osquery pack.
- An open redirect that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Kibana version 7.13.16 or later.
Read more at https://www.tenable.com/plugins/was/114640
March 11th, 2025 (4 months ago)
Description:
Web App Scanning Plugin ID 114641 with Medium Severity
Synopsis
Kibana 8.x < 8.11.2 Insertion of Sensitive Information into Log File
Description
According to its self-reported version number, the Kibana application running on the remote host is 7.13.x prior to 7.17.16 or 8.x prior to 8.11.1. It is, therefore, affected by an issue that can log sensitive information in Kibana logs in the event of an error or when debug level logging is enabled in Kibana. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Kibana version 8.11.2 or later.
Read more at https://www.tenable.com/plugins/was/114641
March 11th, 2025 (4 months ago)
Description:
Web App Scanning Plugin ID 114642 with Medium Severity
Synopsis
Kibana 7.13.x < 7.17.16 Insertion of Sensitive Information into Log File
Description
According to its self-reported version number, the Kibana application running on the remote host is 7.13.x prior to 7.17.16 or 8.x prior to 8.11.1. It is, therefore, affected by an issue that can log sensitive information in Kibana logs in the event of an error or when debug level logging is enabled in Kibana. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Kibana version 7.13.16 or later.
Read more at https://www.tenable.com/plugins/was/114642
March 11th, 2025 (4 months ago)
Description:
Web App Scanning Plugin ID 114643 with Medium Severity
Synopsis
Kibana 8.x < 8.11.1 Insertion of Sensitive Information into Log File
Description
According to its self-reported version number, the Kibana application running on the remote host is 8.x prior to 8.11.1. It is, therefore, affected by an issue that can log sensitive information in Kibana logs in the event of an error. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Kibana version 8.11.1 or later.
Read more at https://www.tenable.com/plugins/was/114643
March 11th, 2025 (4 months ago)
Description:
Web App Scanning Plugin ID 114644 with High Severity
Synopsis
Kibana 8.x < 8.10.1 Insertion of Sensitive Information into Log File
Description
According to its self-reported version number, the Kibana application running on the remote host is 8.x prior to 8.10.1. It is, therefore, affected by an issue that can log sensitive information in Kibana logs in the event of an error. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Kibana version 8.10.1 or later.
Read more at https://www.tenable.com/plugins/was/114644
March 11th, 2025 (4 months ago)
Description:
Web App Scanning Plugin ID 114645 with High Severity
Synopsis
Kibana 8.x < 8.7.1 Multiple Vulnerabilities
Description
According to its self-reported version number, the Kibana application running on the remote host is 8.x prior to 8.7.1. It is, therefore, affected by multiple vulnerabilities:
- An attacker with write access to Kibana YAML or env configuration could add a specific payload that will attempt to execute JavaScript code.
- An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code.
Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Kibana version 8.7.1 or later.
Read more at https://www.tenable.com/plugins/was/114645
March 11th, 2025 (4 months ago)
Description:
Web App Scanning Plugin ID 114646 with Info Severity
Synopsis
TSPlus Detected
Description
This is an informational notice that the scanner was able to detect TSPlus on the target server. Note that this detection is included in the Remote Access Tools category.
Solution
Read more at https://www.tenable.com/plugins/was/114646
March 11th, 2025 (4 months ago)
Description:
Web App Scanning Plugin ID 114647 with Info Severity
Synopsis
Apache Guacamole Detected
Description
This is an informational notice that the scanner was able to detect an Apache Guacamole instance on the target server. Note that this detection is included in the Remote Access Tools category.
Solution
Read more at https://www.tenable.com/plugins/was/114647
March 11th, 2025 (4 months ago)