Kibana 6.8.6

Bug fix

  • Fixes a cross-site scripting (XSS) flaw in Coordinate and Region Map visualizations. An attacker could create a malicious visualization that executes JavaScript in a victim’s browser when the visualization, or a dashboard containing the visualization, is viewed. Since Kibana 6.7.0, Content Security Policy (CSP), which prevents attackers from using this flaw, is enabled by default. However, an attacker can still inject arbitrary HTML into the page. See CVE-2019-7621.
  • Sanitizes attribution #52309