Lucene search
RedHatRHSA-2016:1836HistorySep 08, 2016 - 4:14 p.m.
(RHSA-2016:1836) Moderate: Red Hat OpenShift Enterprise Kibana security update
2016-09-0816:14:27
access.redhat.com
9
0.001 Low
EPSS
Percentile
40.5%
OpenShift Enterprise by Red Hat is the company’s cloud computing Platform-
as-a-Service (PaaS) solution designed for on-premise or private cloud
deployments.
Security Fix(es):
-
A flaw was found in Kibana’s logging functionality. If custom logging
output was configured in Kibana, private user data could be written to the
Kibana log files. A system attacker could use this data to hijack sessions
of other users when using Kibana behind some form of authentication such as
Shield. -
A cross-site scripting (XSS) flaw was found in Kibana. A remote attacker
could use this flaw to inject arbitrary web script into pages served to
other users.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 7 | noarch | openshift-elasticsearch-plugin | < 0.16.0.redhat_1-1.el7 | openshift-elasticsearch-plugin-0.16.0.redhat_1-1.el7.noarch.rpm |
| RedHat | 7 | x86_64 | kibana | < 4.1.11-1.el7 | kibana-4.1.11-1.el7.x86_64.rpm |
| RedHat | 7 | x86_64 | kibana-debuginfo | < 4.1.11-1.el7 | kibana-debuginfo-4.1.11-1.el7.x86_64.rpm |
Related
openvas
openvas
Elastic Kibana Multiple Vulnerabilities (Jul 2017)
2017-07-03 00:00:00
prion
prion
Design/Logic Flaw
2017-06-16 21:29:00
Authorization
2017-06-16 21:29:00
redhatcve
redhatcve
CVE-2016-1000219
2016-09-09 17:17:11
CVE-2016-1000220
2016-09-09 16:48:39
cve
cve
CVE-2016-1000220
2017-06-16 21:29:00
CVE-2016-1000219
2017-06-16 21:29:00
osv
osv
CVE-2016-1000219
2017-06-16 21:29:00
CVE-2016-1000220
2017-06-16 21:29:00
nvd
nvd
CVE-2016-1000220
2017-06-16 21:29:00
CVE-2016-1000219
2017-06-16 21:29:00
cvelist
cvelist
CVE-2016-1000220
2017-06-16 21:00:00
CVE-2016-1000219
2017-06-16 21:00:00
