CVE-2016-1000219
CVE-2016-1000219 affects Kibana prior to 4.5.4 and 4.1.11. When a custom output is configured for logging in, cookies and authorization headers could be written to Kibana log files, enabling a local attacker to hijack sessions of other users in environments using authentication like Shield. The p...