0.001 Low
EPSS
Percentile
38.3%
Kibana is vulnerable to open redirect attacks. The fix for CVE-2017-8451 was found to be incomplete, therefore when X-Pack is installed the open redirect in the login page remains.
CVE-2017-8451
discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571
www.sourceclear.com/registry/security/open-redirect-attack/javascript/sid-4433/summary