2021-01-04 21:03:00 +00:00
{
"data_type" : "CVE" ,
"data_format" : "MITRE" ,
"data_version" : "4.0" ,
"CVE_data_meta" : {
2021-05-13 18:00:40 +00:00
"ASSIGNER" : "security@elastic.co" ,
2021-01-04 21:03:00 +00:00
"ID" : "CVE-2021-22139" ,
2021-05-13 12:32:25 -05:00
"STATE" : "PUBLIC"
2021-01-04 21:03:00 +00:00
} ,
2021-05-13 12:32:25 -05:00
"affects" : {
2021-05-13 18:00:40 +00:00
"vendor" : {
"vendor_data" : [
2021-05-13 12:32:25 -05:00
{
2021-05-13 18:00:40 +00:00
"vendor_name" : "Elastic" ,
"product" : {
"product_data" : [
{
"product_name" : "Kibana" ,
"version" : {
"version_data" : [
{
"version_value" : "before 7.12.1"
}
]
}
}
]
}
2021-05-13 12:32:25 -05:00
}
2021-05-13 18:00:40 +00:00
]
}
2021-05-13 12:32:25 -05:00
} ,
"problemtype" : {
2021-05-13 18:00:40 +00:00
"problemtype_data" : [
2021-05-13 12:32:25 -05:00
{
2021-05-13 18:00:40 +00:00
"description" : [
{
"lang" : "eng" ,
"value" : "CWE-400: Uncontrolled Resource Consumption"
}
]
2021-05-13 12:32:25 -05:00
}
2021-05-13 18:00:40 +00:00
]
2021-05-13 12:32:25 -05:00
} ,
"references" : {
2021-05-13 18:00:40 +00:00
"reference_data" : [
{
"url" : "https://discuss.elastic.co/t/7-12-1-security-update/271433" ,
"refsource" : "MISC" ,
"name" : "https://discuss.elastic.co/t/7-12-1-security-update/271433"
}
]
2021-05-13 12:32:25 -05:00
} ,
"description" : {
2021-05-13 18:00:40 +00:00
"description_data" : [
{
"lang" : "eng" ,
"value" : "Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size. An attacker with permissions to create webhook actions could drain the Kibana host connection pool, making Kibana unavailable for all other users."
}
]
2021-01-04 21:03:00 +00:00
}
2021-05-13 18:00:40 +00:00
}
