RHEL 7 : Red Hat OpenShift Enterprise Kibana (RHSA-2016:1836)
Medium Nessus Plugin ID 119379
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for Red Hat OpenShift Enterprise Kibana images is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
Security Fix(es):
* A flaw was found in Kibana's logging functionality. If custom logging output was configured in Kibana, private user data could be written to the Kibana log files. A system attacker could use this data to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.
* A cross-site scripting (XSS) flaw was found in Kibana. A remote attacker could use this flaw to inject arbitrary web script into pages served to other users.
Solution
Update the affected kibana, kibana-debuginfo and/or openshift-elasticsearch-plugin packages.