CVE-2021-22136

Vendor: Elastic
Product: Kibana
Weakness: CWE-613 · Insufficient session expiration
Published: May 13, 2021
Last update: August 3, 2024

What the vulnerability does

01 Description

In Kibana versions before 7.12.0 and 6.8.15, a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting was not respected. Background polling activities unintentionally extended authenticated users' sessions, which prevented a user session from timing out.

Key dates

02 Disclosure timeline

May 13, 2021 CVE published
August 3, 2024 Record updated