RHEL 7 : Red Hat OpenShift Enterprise Kibana (RHSA-2016:1836)

Medium Nessus Plugin ID 119379

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

An update for Red Hat OpenShift Enterprise Kibana images is now available.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

OpenShift Enterprise by Red Hat is the company's cloud computing Platform- as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

Security Fix(es) :

* A flaw was found in Kibana's logging functionality. If custom logging output was configured in Kibana, private user data could be written to the Kibana log files. A system attacker could use this data to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.

* A cross-site scripting (XSS) flaw was found in Kibana. A remote attacker could use this flaw to inject arbitrary web script into pages served to other users.

Solution

Update the affected kibana, kibana-debuginfo and / or openshift-elasticsearch-plugin packages.

See Also

https://access.redhat.com/errata/RHSA-2016:1836

Plugin Details

Severity: Medium

ID: 119379

File Name: redhat-RHSA-2016-1836.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2018/12/04

Modified: 2018/12/04

Dependencies: 12634

Risk Information

Risk Factor: Medium

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:kibana, p-cpe:/a:redhat:enterprise_linux:kibana-debuginfo, p-cpe:/a:redhat:enterprise_linux:openshift-elasticsearch-plugin, cpe:/o:redhat:enterprise_linux:7

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 2016/09/08

Reference Information

RHSA: 2016:1836