Description
With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service; any authenticated user could make requests to those services regardless of their own permissions.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:elastic:kibana:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:kibana:5.0.1:*:*:*:*:*:*:*
EPSS
Percentile: 38%
0.00168
Low
6.5 Medium
CVSS3
4 Medium
CVSS2
Weaknesses
CWE-306
CWE-264
Related vulnerabilities
CVSS3: 6.5
github
more than 3 years ago
With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service; any authenticated user could make requests to those services regardless of their own permissions.