Open Redirect
Affecting kibana package, versions <5.3.1
Overview
Kibana is an open source (Apache Licensed), browser-based analytics and search dashboard for Elasticsearch.
Affected versions of this package are vulnerable to Open Redirect.
With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. Shield versions for Kibana prior to 2.4.5 are also affected.
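One way to validate a post-login redirect target so that a crafted link cannot send the user to another site, as an added example (not Kibana's or X-Pack's code). The `next` parameter, `APP_ORIGIN` and `safeRedirectTarget` are hypothetical names, and the sample inputs are constructed.

```javascript
// Added example, not Kibana/X-Pack code. All names and values are hypothetical.
const APP_ORIGIN = 'https://kibana.internal.example'; // constructed origin

// Returns a same-origin path to redirect to after login, or `fallback`.
function safeRedirectTarget(next, fallback = '/') {
  if (typeof next !== 'string' || next.length === 0) return fallback;

  // Browsers strip tabs/newlines from URLs and treat "\" like "/",
  // so reject them before any prefix check.
  if (/[\u0000-\u001f\u007f\\]/.test(next)) return fallback;

  // Only a rooted path is accepted; "//host" is scheme-relative.
  if (!next.startsWith('/') || next.startsWith('//')) return fallback;

  let resolved;
  try {
    resolved = new URL(next, APP_ORIGIN);
  } catch {
    return fallback;
  }
  if (resolved.origin !== APP_ORIGIN) return fallback;

  // Dot-segment removal can turn "/.//host" into "//host",
  // so the normalized path is checked again before use.
  const target = resolved.pathname + resolved.search + resolved.hash;
  if (target.startsWith('//')) return fallback;
  return target;
}

// Constructed sample values for a `next` query parameter.
const CONSTRUCTED_SAMPLES = [
  '/app/kibana#/dashboard',
  '/app/kibana?x=1',
  'https://attacker.example/',
  '//attacker.example/login',
  '/\\attacker.example',
  '/.//attacker.example',
];

for (const sample of CONSTRUCTED_SAMPLES) {
  console.log(JSON.stringify(sample), '->', safeRedirectTarget(sample));
}
```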
CVSS Score
6.1 (medium severity)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality: Low
- Integrity: Low
- Availability: None
- Credit: Unknown
- CVE: CVE-2017-8451
- CWE: CWE-79
- Snyk ID: npm:kibana:20170616
- Disclosed: 16 Jun, 2017
- Published: 22 Jan, 2018