Kibana@4.1.0 Security Vulnerabilities and Issues — Kibana@4.1.0 CVE List

Lucene search

ElasticKibana4.1.0

3 matches found

CVE•added 2017/06/16 9:29 p.m.•53 views

CVE-2016-1000220

Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers.

6.1CVSS6.3AI score0.003EPSS

CVE•added 2017/06/16 9:29 p.m.•49 views

CVE-2016-1000219

Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.

7.5CVSS7.4AI score0.00678EPSS

CVE•added 2017/06/16 9:29 p.m.•47 views

CVE-2015-9056

Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack.

6.1CVSS5.9AI score0.0029EPSS