Lucene search
HistoryDec 07, 2015 - 8:59 p.m.
CVE-2015-8131
cve-2015-8131
csrf vulnerability
elasticsearch
kibana
remote attackers
authentication hijacking
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.2 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
40.1%
Cross-site request forgery (CSRF) vulnerability in Elasticsearch Kibana before 4.1.3 and 4.2.x before 4.2.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Affected configurations
Node
elastickibanaRange≤4.1.2
ORelastickibanaMatch4.2.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| elastic:kibana | elastic kibana | le | 4.1.2 |
| elastic:kibana | elastic kibana | eq | 4.2.0 |
Related
openvas
openvas
Elastic Kibana Cross-site Request Forgery (CSRF) Vulnerability - Windows
2016-06-22 00:00:00
Elastic Kibana Cross-site Request Forgery (CSRF) Vulnerability - Linux
2016-06-28 00:00:00
nvd
nvd
CVE-2015-8131
2015-12-07 20:59:16
freebsd
freebsd
kibana4 -- CSRF vulnerability
2015-11-17 00:00:00
prion
prion
Cross site request forgery (csrf)
2015-12-07 20:59:00
cvelist
cvelist
CVE-2015-8131
2015-12-07 20:00:00
nessus
nessus
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.2 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
40.1%
Related for CVE-2015-8131