Elastic Kibana Node.js Security Vulnerabilities (ESA-2021-24)


Orhan YILDIRIM

Mar 4, 2022, 1:15:11 AM3/4/22
to Wazuh mailing list
Hello Guys,

I did a security scan and found the following results.
But how can I close this vulnerability? Is there a way?

Thanks,
Orhan

Installed version: 7.10.2
Fixed version:     7.14.1

Insight
Node.js version 14.17.3 is affected by several security vulnerabilities: CVE-2021-22940, CVE-2021-3672, CVE-2021-22931, and CVE-2021-22939. We do not
believe an attacker can exploit these against Kibana, but we are upgrading Node.js out of an
abundance of caution. Kibana 7.14.1 upgrades Node.js to version 14.17.5 to resolve these issues.
Detection Method
Checks if a vulnerable version is present on the target host.
Details:
Elastic Kibana Node.js Security Vulnerabilities (ESA-2021-24) OID: 1.3.6.1.4.1.25623.1.0.117776

Version used:
2021-12-16T03:03:23Z
Affected Software/OS
Elastic Kibana version 7.14.0 and prior.

Solution
Solution Type:
Vendorfix
Update to version 7.14.1 or later.

Chema Martinez

Mar 4, 2022, 3:53:11 AM3/4/22
to Wazuh mailing list
Hi Orhan,

Thank you for posting in the Wazuh community.

I don't fully understand if you want to fix the vulnerabilities in your Node.js version or just silence the vulnerability alerts while being aware that your version is vulnerable.

Could you please tell us the Wazuh version you are using and the alerts from the Vulnerability scanner related to these CVEs? That way we can know more precisely how the scanner has detected the vulnerabilities. It would also be helpful to know on which OS the vulnerable Kibana is installed.

Thanks in advance!

Chema Martinez

Mar 4, 2022, 6:33:51 AM3/4/22
to Wazuh mailing list
Hi again Orhan,

Thanks for your response, I received your vulnerability report in my inbox. Please, for the next messages let's use this thread if you don't have to share sensitive information.

Regarding the report, it seems the only way to prevent these vulnerabilities is by upgrading your Kibana to 7.14.1 or newer.

It would be interesting to know if Wazuh's vulnerability scanner is also reporting the vulnerabilities. Could you please enable it in the ossec.conf file on the manager?

  <vulnerability-detector>
    <enabled>yes</enabled>
    <interval>5m</interval>
    <ignore_time>6h</ignore_time>
    <run_on_start>yes</run_on_start>

    <!-- Ubuntu OS vulnerabilities -->
    <provider name="canonical">
      <enabled>yes</enabled>
      <os>focal</os>
      <update_interval>1h</update_interval>
    </provider>

    <!-- Aggregate vulnerabilities -->
    <provider name="nvd">
      <enabled>yes</enabled>
      <update_from_year>2010</update_from_year>
      <update_interval>1h</update_interval>
    </provider>
  </vulnerability-detector>

Applying that configuration will only scan Ubuntu 20.04 agents, like yours.

Regards,
Chema.

Orhan YILDIRIM

Mar 4, 2022, 6:48:37 AM3/4/22
to Wazuh mailing list
Hi Chema,

Thank you very much for this valuable information. I will try this.

"Regarding the report, it seems the only way to prevent these vulnerabilities is by upgrading your Kibana to 7.14.1 or newer."

https://github.com/wazuh/wazuh-kibana-app I tried from here and got the following error. Is there a way to update Kibana?

sudo -u kibana bin/kibana-plugin install https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-4.2.5_7.14.2-1.zip
Attempting to transfer from https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-4.2.5_7.14.2-1.zip
Transferring 32476495 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Plugin installation was unsuccessful due to error "Plugin wazuh [7.14.2] is incompatible with Kibana [7.10.2]"

Thank you,
Orhan

On Friday, March 4, 2022 at 14:33:51 UTC+3, chema.m...@wazuh.com wrote:

Chema Martinez

Mar 4, 2022, 7:08:38 AM3/4/22
to Wazuh mailing list
Hi Orhan,

It seems you are trying to install the Wazuh plugin built for Kibana 7.14.2 directly on your Kibana, which is still version 7.10.2.

To avoid the vulnerabilities you have to upgrade your whole Elastic stack from 7.10.2 to a newer version, which includes upgrading Kibana of course.

After that, you will be able to upgrade the Wazuh plugin. Please, check the following table with the compatibility matrix for the Wazuh App:


You can also check how to upgrade the ELK in:


I hope it helps!

Best regards,
Chema.
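The two checks behind this thread, as an added example (not Wazuh's or Elastic's own code): the "installed version below fixed version" comparison that produced the ESA-2021-24 finding in Orhan's scan report, and the plugin/Kibana version rule that produced the "Plugin wazuh [7.14.2] is incompatible with Kibana [7.10.2]" error. The package-name layout `wazuh_kibana-<app>_<kibana>-<rev>.zip` is taken from the URL Orhan posted; treating it as a general rule, and the `triage` ordering (upgrade the stack first, then the plugin), are assumptions drawn from Chema's reply rather than documented Wazuh behaviour.

```python
"""Version checks for the ESA-2021-24 finding and the Kibana plugin mismatch
(added example; not Wazuh's or Elastic's code)."""

import re
from typing import Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Parse a dotted numeric version such as '7.10.2' into a comparable tuple.

    Tuples compare element-wise, so (7, 9, 0) < (7, 14, 1), whereas the plain
    strings would sort the other way ('9' > '1'). Comparing version strings
    lexicographically is a classic source of false negatives in scanners.
    """
    cleaned = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", cleaned):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(part) for part in cleaned.split("."))


def is_vulnerable(installed: str, fixed: str) -> bool:
    """Scanner logic from the report: every version strictly below the fixed
    version is affected ('Elastic Kibana version 7.14.0 and prior')."""
    return parse_version(installed) < parse_version(fixed)


# Assumed package-name layout, taken from the URL in the thread:
#   wazuh_kibana-<app version>_<kibana version>-<revision>.zip
PLUGIN_NAME = re.compile(
    r"wazuh_kibana-(?P<app>[\d.]+)_(?P<kibana>[\d.]+)-(?P<rev>\d+)\.zip$"
)


def plugin_target_kibana(url_or_filename: str) -> str:
    """Return the Kibana version a Wazuh plugin package was built for."""
    m = PLUGIN_NAME.search(url_or_filename)
    if not m:
        raise ValueError(f"unrecognised plugin package name: {url_or_filename!r}")
    return m.group("kibana")


def plugin_compatible(url_or_filename: str, installed_kibana: str) -> bool:
    """The rule behind the kibana-plugin error: the plugin's Kibana version
    must equal the installed Kibana version, otherwise the install is refused."""
    return parse_version(plugin_target_kibana(url_or_filename)) == parse_version(installed_kibana)


def triage(installed_kibana: str, fixed_kibana: str, plugin_url: str) -> dict:
    """Combine both checks into the order Chema describes: upgrade the Elastic
    stack first, then install the plugin built for the new Kibana version."""
    vulnerable = is_vulnerable(installed_kibana, fixed_kibana)
    compatible = plugin_compatible(plugin_url, installed_kibana)
    if vulnerable and not compatible:
        action = "upgrade the Elastic stack to the fixed version or later, then install the matching plugin"
    elif vulnerable:
        action = "upgrade the Elastic stack to the fixed version or later"
    elif not compatible:
        action = "use the plugin package built for the installed Kibana version"
    else:
        action = "nothing to do"
    return {"vulnerable": vulnerable, "plugin_compatible": compatible, "action": action}


if __name__ == "__main__":
    # Same numbers as the scan report and the install error in this thread.
    print(triage(
        "7.10.2",
        "7.14.1",
        "https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-4.2.5_7.14.2-1.zip",
    ))
```

Run it as-is to reproduce the thread's situation: Kibana 7.10.2 is below the fixed 7.14.1, and the 7.14.2 plugin package does not match, so the only path is the stack upgrade first.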

Orhan YILDIRIM

Mar 4, 2022, 7:50:26 AM3/4/22
to Wazuh mailing list
Thank you Chema, I'm examining.

Regards,
Orhan

On Friday, March 4, 2022 at 15:08:38 UTC+3, chema.m...@wazuh.com wrote: