It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension.

Related CVEs

CVE-2021-22151

Key Information

GHSA ID

GHSA-rj62-3vmp-2f6j

Published

November 22, 2023 3:30 AM

Last Modified

November 22, 2023 3:30 AM

CVSS Score

2.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 29, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.