Security Advisory

CVE-2021-22150

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-11-22 00:30:56

Last updated 2024-12-02 20:33:49

Assigner elastic

State PUBLISHED

Description

It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server.

← Browse all CVEs View on cve.org ↗