Open Redirect Affecting kibana package, versions <4.6.2 >=5.0.0 <5.0.1


0.0
medium

Snyk CVSS

    Attack Complexity Low
    User Interaction Required
    Scope Changed

    Threat Intelligence

    EPSS 0.09% (37th percentile)
Expand this section
NVD
6.1 medium
Expand this section
Red Hat
4.3 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JS-KIBANA-451474
  • published 3 Jul 2019
  • disclosed 16 Jun 2017
  • credit Unknown

How to fix?

Upgrade kibana to version 4.6.2, 5.0.1 or higher.

Overview

kibana is an open source (Apache Licensed), browser-based analytics and search dashboard for Elasticsearch.

Affected versions of this package are vulnerable to Open Redirect. An attacker can craft a link in the Kibana domain that redirects to an arbitrary website.