Kibana

Kibana is the visualization and analytics layer for the Elastic stack. It exposes the full Elasticsearch dataset through dashboards and search interfaces. NVD tracks it as elastic:kibana with dotted stack versions (7.x, 8.x). It pairs with the Elasticsearch and Logstash coverage.

api usage

Querying Kibana

product slug: kibana
version format: 7.10.0, 8.11.1

```bash
curl "https://api.attestd.io/v1/check?product=kibana&version=7.10.0" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```

Kibana 7.10.0 is affected by CVE-2021-22141 (stored XSS in Kibana dashboard features). The aggregated response is expected to report risk_state: "high".

```json
{
  "product": "kibana",
  "version": "7.10.0",
  "supported": true,
  "risk_state": "high",
  "risk_factors": [
    "cross_site_scripting",
    "internet_exposed_service",
    "patch_available"
  ],
  "actively_exploited": false,
  "remote_exploitable": true,
  "authentication_required": true,
  "patch_available": true,
  "fixed_version": "7.10.7",
  "confidence": 0.88,
  "cve_ids": ["CVE-2021-22141"],
  "last_updated": "2026-05-27T00:00:00Z"
}
```
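
An added example (not attestd's own code): a deployment gate in Python that turns the /v1/check response shown above into a block, review or pass decision. The function names, the policy parameters `block_states` and `min_confidence`, and the trimmed copy of the sample response are assumptions made for illustration.

```python
import json
import os
import urllib.parse
import urllib.request

API = "https://api.attestd.io/v1/check"  # endpoint from the curl command on this page

# Subset of the response this page shows for kibana 7.10.0, embedded so the demo runs offline.
SAMPLE = json.loads("""{"product": "kibana", "version": "7.10.0", "supported": true,
  "risk_state": "high", "actively_exploited": false, "patch_available": true,
  "fixed_version": "7.10.7", "confidence": 0.88, "cve_ids": ["CVE-2021-22141"]}""")

def fetch(product, version):
    """Live equivalent of the curl call; needs ATTESTD_KEY. Not used by the offline demo."""
    qs = urllib.parse.urlencode({"product": product, "version": version})
    req = urllib.request.Request(f"{API}?{qs}",
                                 headers={"Authorization": f"Bearer {os.environ['ATTESTD_KEY']}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def vtuple(v):
    """'7.10.7' -> (7, 10, 7); numeric compare, since '7.10.7' < '7.9.0' as strings."""
    return tuple(int(p) for p in v.split("."))

def gate(resp, block_states=("high",), min_confidence=0.8):
    """Return (decision, reasons); decision is 'block', 'review' or 'pass'.
    block_states and min_confidence are local policy assumed for this example."""
    required = ("version", "supported", "risk_state", "actively_exploited", "confidence")
    missing = [k for k in required if k not in resp]
    if missing:  # fail closed: an incomplete answer is never a pass
        return "review", ["missing fields: " + ", ".join(missing)]
    if not resp["supported"]:
        return "review", ["version not covered, no verdict available"]
    reasons = []
    if resp["actively_exploited"]:
        reasons.append("actively exploited")
    if resp["risk_state"] in block_states:
        reasons.append(f"risk_state={resp['risk_state']} ({', '.join(resp.get('cve_ids', []))})")
    if reasons:
        fixed = resp.get("fixed_version")
        if fixed and vtuple(fixed) > vtuple(resp["version"]):
            reasons.append(f"upgrade to >= {fixed}")
        return "block", reasons
    if resp["confidence"] < min_confidence:
        return "review", [f"confidence {resp['confidence']} below {min_confidence}"]
    return "pass", []

if __name__ == "__main__":
    print(gate(SAMPLE))
```

In a pipeline, treat "review" as a non-passing result so that an unsupported version or an incomplete response cannot slip through as clean.
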
safe version

Kibana 8.15.0 is used as a patched-line example; confirm with live /v1/check after ingestion.

```bash
curl "https://api.attestd.io/v1/check?product=kibana&version=8.15.0" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```
notable cves

CVE history

Kibana CVE history includes server-side request forgery in connector plugins, stored cross-site scripting in dashboard and canvas features, and prototype pollution in query parsing.

| CVE | Description | Affects | CVSS |
| --- | --- | --- | --- |
| CVE-2021-22141 | Stored cross-site scripting in Kibana dashboard and visualization features via crafted index patterns. | 7.10.0 to 7.10.6 | 8.8 |
| CVE-2019-7616 | Server-side request forgery in Kibana Timelion and connector plugins allowing internal network probing. | before 6.6.2 | 7.2 |
| CVE-2021-22134 | Information disclosure via Kibana reporting API exposing document field data. | 7.11.0 to 7.11.2 | 6.5 |
| CVE-2020-7012 | Cross-site scripting in Kibana Maps and Canvas features. | 7.0.0 to 7.6.2 | 6.1 |
| CVE-2023-31417 | Prototype pollution in Kibana query parsing leading to denial of service. | see NVD | 7.5 |