CVE-2018-3830

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-3830

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-3830.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-3830

Downstream

RHSA-2018:3537

Published

2018-09-19T19:29:01.203Z

Modified

2026-02-04T21:47:20.705463Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type: GIT
Repo: https://github.com/elastic/elasticsearch
Events: Introduced

3adb13b1f49935973b974a2517caa0d4d59bf4d0

Last affected

e36acdb78ec6499be861ae1b2dac264cce2f8b10

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-3830.json"

Git / github.com/elastic/kibana

Affected ranges

Type: GIT
Repo: https://github.com/elastic/kibana
Events: Introduced

ce7908cdac87af1e3b02ac4038fc3985602cf95a

Last affected

2872c74872c54d91e3e00b67c7bbc61659df0ba7

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-3830.json"