Security readout for executives and security teams
Plain-English summary
CVE-2021-22141 is a Kibana open redirect issue. A logged-in user who follows a maliciously crafted URL could be sent from Kibana to an arbitrary external website. The business risk is mainly user deception and trust abuse, not service outage.
Executive priority
Treat as a routine but time-bound remediation for exposed or broadly used Kibana systems. Prioritize internet-reachable or high-trust administrative deployments first. This is not evidenced as actively exploited in the provided sources.
Technical view
Elastic reports an open redirect flaw in Kibana before 7.13.0 and 6.8.16. The CVSS 3.1 score is 6.1 with network access, low attack complexity, required user interaction, changed scope, and low confidentiality and integrity impact.
Likely exposure
Exposure is limited to Elastic Kibana deployments running versions earlier than 7.13.0 or 6.8.16. The issue matters most where Kibana is reachable by staff, customers, or administrators who may trust Kibana-originated links.
Exploitation context
The source bundle does not show CISA KEV listing or confirmed active exploitation. Exploitation requires a logged-in user to visit a maliciously crafted URL. Public details provided here do not include exploit mechanics.
Researcher notes
Evidence supports CWE-601 open redirect in Kibana before fixed version thresholds. The provided sources do not include exploit details, indicators of compromise, or mitigations beyond version guidance and vendor advisory review.
Mitigation direction
- Upgrade Kibana to 7.13.0, 6.8.16, or a later supported release.
- Review Elastic security guidance for version-specific remediation instructions.
- Restrict Kibana access to trusted networks and authenticated users where possible.
- Warn users not to trust unexpected Kibana links from untrusted sources.
Validation and detection
- Inventory all Kibana instances and record exact versions.
- Confirm no production Kibana instance runs below 7.13.0 or 6.8.16.
- Check external exposure of Kibana endpoints and access controls.
- Review Elastic advisories for any environment-specific follow-up guidance.
Public sources used
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CWE-601: User-session and phishing behavior lookup
Client-side and session-facing weaknesses should be reviewed alongside initial-access and user-execution behaviors. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Open ATT&CK lookupCVE-2021-22141 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Medium
- CVSS
- 6.1 (3.1)
- Known Exploited
- No
- Published
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS vector scores
1 official scoreWe collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N2.82.7Primary CVE scoreVulnerability scoring details
Base CVSS 3.1 score
6.1MediumVector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Source materials
- CVE List V5 sourceCVE List V5
- https://www.elastic.co/community/security/CVE reference
- https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964CVE reference
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
URL Redirection to Untrusted Site ('Open Redirect')
URL Redirection to Untrusted Site ('Open Redirect') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
