CVE-2021-22136

Summary

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session from timing out.

Affected Software

VendorProductVersion RangeStatus
ElasticKibanabefore 7.12.0 and 6.8.15affected

Weaknesses

  • CWE-613: CWE-613: Insufficient Session Expiration

ADP Enrichment

CVE Program Container

Additional References

References