vulnerability

Elastic Kibana: CVE-2021-37939: Exposure of Sensitive Information to an Unauthorized Actor

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	Nov 18, 2021	Sep 3, 2025	Sep 3, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Nov 18, 2021

Added

Sep 3, 2025

Modified

Sep 3, 2025

Description

It was discovered that Kibana’s JIRA connector and IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. Using this vulnerability, a malicious user with the ability to create connectors, could utilize these connectors to view limited HTTP response data on hosts accessible to the cluster.

Solution

elastic-kibana-upgrade-latest

References

CWE-200
CWE-319
CVE-2021-37939
https://attackerkb.com/topics/CVE-2021-37939
URL-https://discuss.elastic.co/t/kibana-7-15-2-security-update/288923

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today