3 matches found
Open Redirects
Kibana is vulnerable to open redirects from the login page. The fix for CVE-2017-11482 is incomplete allowing attackers to redirect users from the login page to other websites...
CVE-2017-11482
Elastic Kibana with X-Pack is affected by an open redirect on the login page due to an incomplete fix for CVE-2017-8451. Vulnerable: Kibana versions before 6.0.1 and 5.6.5. Impact: an attacker can craft a link that redirects users to an arbitrary website. Mitigation: upgrade to Kibana 6.0.1+ or 5...
Kibana 6.0.1 and 5.6.5 security update
Kibana cross site scripting issue ESA-2017-22 Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting XSS vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. Affected Versions: A...