Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-1000219

Опубликовано: 03 авг. 2016
Источник: redhat
CVSS3: 4.8
CVSS2: 4.1
EPSS Низкий

Описание

Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.

A flaw was found in Kibana's logging functionality. If custom logging output was configured in Kibana, private user data could be written to the Kibana log files. A system attacker could use this data to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational ToolskibanaWill not fix
Red Hat OpenStack Platform 10 (Newton) Operational ToolskibanaNot affected
Red Hat OpenStack Platform 8 (Liberty) Operational ToolskibanaWill not fix
Red Hat OpenStack Platform 9 (Mitaka) Operational ToolskibanaWill not fix
Red Hat OpenShift Container Platform 3.2kibanaFixedRHSA-2016:183608.09.2016
Red Hat OpenShift Container Platform 3.2openshift-elasticsearch-pluginFixedRHSA-2016:183608.09.2016
Red Hat OpenShift Enterprise 3.1kibanaFixedRHSA-2016:183608.09.2016
Red Hat OpenShift Enterprise 3.1openshift-elasticsearch-pluginFixedRHSA-2016:183608.09.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-532
https://bugzilla.redhat.com/show_bug.cgi?id=1364394kibana: Session hijack via stealing cookies and auth headers from log ESA-2016-04

EPSS

Процентиль: 71%
0.00678
Низкий

4.8 Medium

CVSS3

4.1 Medium

CVSS2

Связанные уязвимости

nvd логотип

CVE-2016-1000219

CVSS3: 7.5
nvd
больше 8 лет назад

Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.

debian логотип

CVE-2016-1000219

CVSS3: 7.5
debian
больше 8 лет назад

Kibana before 4.5.4 and 4.1.11 when a custom output is configured for ...

github логотип

GHSA-q36m-wm9g-699v

CVSS3: 7.5
github
больше 3 лет назад

Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.

EPSS

Процентиль: 71%
0.00678
Низкий

4.8 Medium

CVSS3

4.1 Medium

CVSS2