Описание
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource provider.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | kibana | Not affected | ||
| Red Hat OpenShift Container Platform 3.11 | kibana | Not affected | ||
| Red Hat OpenShift Container Platform 3.2 | kibana | Not affected | ||
| Red Hat OpenShift Container Platform 3.3 | kibana | Not affected | ||
| Red Hat OpenShift Container Platform 3.4 | kibana | Not affected | ||
| Red Hat OpenShift Container Platform 3.5 | kibana | Not affected | ||
| Red Hat OpenShift Container Platform 3.6 | kibana | Not affected | ||
| Red Hat OpenShift Container Platform 3.7 | kibana | Not affected | ||
| Red Hat OpenShift Container Platform 3.9 | kibana | Not affected | ||
| Red Hat OpenShift Enterprise 3.0 | kibana | Not affected |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource provider.
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an ...
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource provider.
7.5 High
CVSS3