CVE-2021-22136
N/A
N/A
Summary
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session from timing out.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Elastic | Kibana | before 7.12.0 and 6.8.15 | affected |
Weaknesses
- CWE-613: CWE-613: Insufficient Session Expiration
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.