QwikSec

Security Database

CVE

CWE

Training

CVE-2021-22136

Published: May 13, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session from timing out.

Vendor	Product	Versions
Elastic	Kibana	affected `before 7.12.0 and 6.8.15`

Weaknesses (CWE)

References

https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.