Veracode Vulnerability DatabaseVERACODE:7698Information Disclosure
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
kibana is vulnerable to information disclosure attacks. The vulnerability exists as plaintext credentials are being sent in the HTTP request during the PDF generation process, allowing an external resource provider to view the credentials.
References
discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594
github.com/elastic/kibana/commit/7bac28be6bccbcd3eaace34a60011eb49b96d07e
github.com/elastic/kibana/commit/9f4ec18000a74e269276ff943979799ccbd4d950
github.com/elastic/kibana/pull/24177
github.com/elastic/kibana/pull/24236
www.elastic.co/community/security
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N