{"id":"CVE-2021-22141","details":"An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary website.","modified":"2026-05-28T04:07:01.784890307Z","published":"2022-11-18T23:15:11.553Z","related":["SUSE-SU-2021:3729-1","SUSE-SU-2022:1654-1"],"database_specific":{},"references":[{"type":"ADVISORY","url":"https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964"},{"type":"ADVISORY","url":"https://www.elastic.co/community/security/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/elastic/elasticsearch","events":[{"introduced":"0"},{"fixed":"1f62092a874cdc73ae87e6f8361ae2b6dc4a87f3"},{"introduced":"b7e28a7232616c7a21bc879a535d801b8553ba77"},{"fixed":"5ca8591c6fcdb1260ce95b08a8e023559635c6f3"}],"database_specific":{"source":"CPE_RANGE","extracted_events":[{"introduced":"0"},{"fixed":"6.8.16"},{"introduced":"7.0.0"},{"fixed":"7.13.0"}],"cpe":"cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*"}}],"versions":["v6.8.15","v6.8.14","v6.8.13","v6.8.12","v6.8.11","v6.8.10","v6.8.9","v6.8.8","v6.8.7","v6.8.6","v6.8.5","v6.8.4","v6.8.3","v6.8.2","v6.8.1","v6.8.0","v6.7.2","v6.7.1","v6.7.0","v7.0.0-alpha2","v7.0.0-alpha1","v6.0.0-alpha2","v6.0.0-alpha1","v1.0.0.RC1","v1.0.0.Beta2","v1.0.0.Beta1","v0.90.0","v0.90.0.RC2","v0.90.0.RC1","v0.90.0.Beta1","v0.20.0.RC1","v0.19.0","v0.19.0.RC3","v0.19.0.RC2","v0.19.0.RC1","v0.18.0","v0.17.0","v0.16.0","v0.15.0","v0.14.0","v0.13.0","v0.12.0","v0.11.0","v0.10.0","v0.9.0","v0.8.0","v0.7.1","v0.7.0","v0.6.0","v0.5.1","v0.5.0","v0.4.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22141.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/elastic/kibana","events":[{"introduced":"0"},{"fixed":"2a6387559c5754976a6a9c94ef2d8e4b55f2617b"},{"introduced":"ee89fda8a17eff9c93f7400c102edf76cb4d7d8a"},{"fixed":"9863e88bd63ad546b9d36e6b0c0c55cb65dd9081"}],"database_specific":{"source":"CPE_RANGE","extracted_events":[{"introduced":"0"},{"fixed":"6.8.16"},{"introduced":"7.0.0"},{"fixed":"7.13.0"}],"cpe":"cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*"}}],"versions":["v6.8.15","v6.8.14","v6.8.13","v6.8.12","v6.8.11","v6.8.10","v6.8.9","v6.8.8","v6.8.7","v6.8.6","v6.8.5","v6.8.4","v6.8.3","v6.8.2","v6.8.1","v6.8.0","v6.7.2","v6.7.1","v6.7.0","v7.0.0-alpha2","v7.0.0-alpha1","7.0-known-good","v6.0.0-alpha2","v6.0.0-alpha1","v5.0.0-alpha5","v4.2.0-beta1","v4.0.0-beta3","v4.0.0-beta2","v4.0.0-beta1.1","v4.0.0-beta1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22141.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}