CVE-2022-38778

Published: Feb 8, 2023Modified: Mar 25, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process.

Affected (3)

Products: Decode Uri Component Project: Decode Uri Component · Elastic: Kibana

Decode Uri Component Project

1 product

Decode Uri Component

Elastic

1 product

Kibana

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Decode Uri Component Project Decode Uri Component	Before 0.2.1
Elastic Kibana	From 7.0.0 to 7.17.9
Elastic Kibana	From 8.0.0 to 8.6.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://discuss.elastic.co/t/elastic-7-17-9-8-5-0-and-8-6-1-security-update/324661

Source: security@elastic.co

Vendor Advisory

https://www.elastic.co/community/security

Source: security@elastic.co

Vendor Advisory

https://discuss.elastic.co/t/elastic-7-17-9-8-5-0-and-8-6-1-security-update/324661

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.elastic.co/community/security

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.