Open Redirects

2017-12-1102:36:21

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

38.3%

JSON

Kibana is vulnerable to open redirect attacks. The fix for CVE-2017-8451 was found to be incomplete, therefore when X-Pack is installed the open redirect in the login page remains.

CPENameOperatorVersion
kibanale6.0.0
kibanale5.6.4
kibanaeq5.1.1

Name	Operator	Version
kibana	le	6.0.0
kibana	le	5.6.4
kibana	eq	5.1.1

References

discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571

www.sourceclear.com/registry/security/open-redirect-attack/javascript/sid-4433/summary

0.001 Low

EPSS

Percentile

38.3%

JSON

Related for VERACODE:5548