Open Redirect Affecting kibana package, versions >=5.1.1 <5.6.7 >=6.0.0 <6.1.3


0.0
medium

Snyk CVSS

    Attack Complexity Low
    User Interaction Required
    Scope Changed

    Threat Intelligence

    EPSS 0.08% (33rd percentile)
Expand this section
NVD
6.1 medium
Expand this section
Red Hat
4.7 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID npm:kibana:20180130-2
  • published 1 Mar 2018
  • disclosed 29 Jan 2018
  • credit Unknown

How to fix?

Upgrade kibana to version 5.6.7, 6.1.3 or higher.

Overview

kibana is Kibana is an open source (Apache Licensed), browser based analytics and search dashboard for Elasticsearch. Kibana is a snap to setup and start using. Kibana strives to be easy to get started with, while also being flexible and powerful, just like Elastic.

Affected versions of the package are vulnerable to Open Redirect the login page that would enable an attacker to craft a link that redirects to an arbitrary website.