Detections
Analytics

RHEL 7 : Red Hat OpenShift Enterprise Kibana (RHSA-2016:1836)

medium Nessus Plugin ID 119379

Language:

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

An update for Red Hat OpenShift Enterprise Kibana images is now available.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

OpenShift Enterprise by Red Hat is the company's cloud computing Platform- as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

Security Fix(es) :

* A flaw was found in Kibana's logging functionality. If custom logging output was configured in Kibana, private user data could be written to the Kibana log files. A system attacker could use this data to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.

* A cross-site scripting (XSS) flaw was found in Kibana. A remote attacker could use this flaw to inject arbitrary web script into pages served to other users.

Solution

Update the affected kibana, kibana-debuginfo and / or openshift-elasticsearch-plugin packages.

See Also

https://access.redhat.com/errata/RHSA-2016:1836

Plugin Details

Severity: Medium

ID: 119379

File Name: redhat-RHSA-2016-1836.nasl

Version: 1.4

Type: local

Agent: unix

Published: 12/4/2018

Updated: 10/24/2019

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:kibana, p-cpe:/a:redhat:enterprise_linux:kibana-debuginfo, p-cpe:/a:redhat:enterprise_linux:openshift-elasticsearch-plugin, cpe:/o:redhat:enterprise_linux:7

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 9/8/2016

Vulnerability Publication Date: 9/8/2016

Reference Information

RHSA: 2016:1836