CVE-2021-22142 - Vulnerability Details - OpenCVE

Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Elastic	Kibana

Configuration 1 [-]

cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964
https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964/1
https://nvd.nist.gov/vuln/detail/CVE-2021-22142
https://www.cve.org/CVERecord?id=CVE-2021-22142
https://www.elastic.co/community/security

History

No history.

MITRE

Status: PUBLISHED

Assigner: elastic

Published: 2023-11-22T01:00:25.568Z

Updated: 2024-08-03T18:37:17.271Z

Reserved: 2021-01-04T20:17:39.856Z

Link: CVE-2021-22142

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-11-22T01:15:07.210

Modified: 2024-11-21T05:49:35.293

Link: CVE-2021-22142

Redhat

Severity : Moderate

Publid Date: 2021-05-25T00:00:00Z

Links: CVE-2021-22142 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-22142", "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "state": "PUBLISHED", "assignerShortName": "elastic", "dateReserved": "2021-01-04T20:17:39.856Z", "datePublished": "2023-11-22T01:00:25.568Z", "dateUpdated": "2024-08-03T18:37:17.271Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Kibana", "vendor": "Elastic", "versions": [{"lessThan": "7.13.0", "status": "affected", "version": "7.0.0", "versionType": "semver"}]}], "datePublic": "2021-05-25T15:17:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content."}], "value": "Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1104", "description": "CWE-1104: Use of Unmaintained Third Party Components", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic", "dateUpdated": "2023-11-22T01:00:25.568Z"}, "references": [{"url": "https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964/1"}, {"url": "https://www.elastic.co/community/security"}], "source": {"discovery": "UNKNOWN"}, "title": "Kibana Reporting vulnerabilities", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:37:17.271Z"}, "title": "CVE Program Container", "references": [{"url": "https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964/1", "tags": ["x_transferred"]}, {"url": "https://www.elastic.co/community/security", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*", "matchCriteriaId": "59FC20DF-243E-4BC1-B48B-941728841B72", "versionEndExcluding": "7.13.0", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content."}, {"lang": "es", "value": "Kibana contiene una versi\u00f3n integrada del navegador Chromium que la funci\u00f3n de informes utiliza para generar informes descargables. Si un usuario con permisos para generar informes puede representar HTML arbitrario con este navegador, es posible que pueda aprovechar las vulnerabilidades conocidas de Chromium para realizar m\u00e1s ataques. Kibana contiene una serie de protecciones para evitar que este navegador muestre contenido arbitrario."}], "id": "CVE-2021-22142", "lastModified": "2024-11-21T05:49:35.293", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 5.9, "source": "bressers@elastic.co", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-22T01:15:07.210", "references": [{"source": "bressers@elastic.co", "tags": ["Vendor Advisory"], "url": "https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964/1"}, {"source": "bressers@elastic.co", "tags": ["Vendor Advisory"], "url": "https://www.elastic.co/community/security"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.elastic.co/community/security"}], "sourceIdentifier": "bressers@elastic.co", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1104"}], "source": "bressers@elastic.co", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kibana: Use of Unmaintained Third Party Components", "id": "1965466", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965466"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-1021", "details": ["Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content.", "Kibana contains an embedded version of the Chromium browser that the Reporting feature uses. An attacker potentially is able to leverage known Chromium vulnerabilities to conduct further attacks."], "name": "CVE-2021-22142", "package_state": [{"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/kibana6-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "package_name": "kibana", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "kibana", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-logging-kibana6", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2021-05-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-22142\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-22142\nhttps://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964"], "statement": "The kibana reporting feature is part of the X-Pack features [1].\nIn OpenShift Container Platform (OCP) the kibana components have X-Pack security features disabled by default. The X-Pack plugin can be used only in the enterprise version [2] [3].\nHence the open source version is unaffected by this vulnerability.\n[1] https://www.elastic.co/guide/en/kibana/current/reporting-getting-started.html\n[2] https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-xpack.html\n[3] https://www.elastic.co/subscriptions", "threat_severity": "Moderate", "upstream_fix": "kibana 7.13.0, kibana 6.8.16"}