2 matches found
Arbitrary Code Execution
elastic/elasticsearch is vulnerable to Arbitrary Code Execution. The vulnerability exists due to a redirect issue that leads to a user being redirected to an arbitrary website if they use a maliciously crafted kibana url...
CVE-2017-8443
In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in the URL bar. The credentials could then be...