CVE-2022-23710 – org.elasticsearch:elasticsearch

Package

Manager: maven
Name: org.elasticsearch:elasticsearch
Vulnerable Version: <0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: N/A

EPSS: 0.00616 pctl0.68984

Details

Withdrawn: Cross-site Scripting in Kibana ##Withdrawn: This advisory is for Kibana, not ElasticSearch as it was originally published, and is withdrawn as being out of scope of our supported ecosystems. A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim's browser.

Metadata

Created: 2022-03-04T00:00:15Z
Modified: 2023-03-15T19:19:13Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-m6gg-86c6-gfr9/GHSA-m6gg-86c6-gfr9.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-m6gg-86c6-gfr9
Finding: N/A
Auto approve: 0