\
2018-12-20
2019-10-09
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource provider.
Medium
Vendor | Product | Versions |
---|---|---|
Elasticsearch | Kibana | 6.3.0 , 5.4.3 , 5.6.9 , 4.1.1 , 4.1.2 , 4.3.1 , 5.6.12 , 5.3.0 , 6.0.1 , 6.0.0 , 5.6.7 , 4.5.3 , 4.5.4 , 6.2.3 , 5.5.1 , 5.0.2 , 4.2.0 , 4.1.8 , 4.0.2 , 5.3.3 , 4.1.3 , 5.0.1 , 4.5.2 , 4.4.2 , 5.2.1 , 5.3.1 , 4.2.2 , 5.4.1 , 5.6.6 , 6.2.2 , 6.2.4 , 6.4.1 , 4.0.0 , 5.4.2 , 4.4.0 , 5.5.2 , 5.6.2 , 5.6.4 , 4.1.5 , 4.1.7 , 6.3.2 , 5.2.2 , 5.3.2 , 5.4.0 , 5.6.10 , 4.3.0 , 5.6.11 , 6.1.4 , 4.3.2 , 4.2.1 , 5.5.3 , 6.3.1 , 6.2.1 , 4.1.4 , 4.0.1 , 4.1.6 , 5.1.2 , 5.6.3 , 5.6.1 , 5.6.8 , 4.0.3 , 6.4.2 , 4.6.0 , 4.1.10 , 4.4.1 , 5.2.0 , 6.4.0 , 6.1.2 , 5.0.0 , 5.6.0 , 6.2.0 , 4.5.1 , 6.1.0 , 4.5.0 , 5.1.1 , 6.1.3 , 4.1.9 , 4.3.3 , 4.1.0 , 5.5.0 , 4.1.11 , 6.1.1 , 5.6.5 |
Date | CVE | Title | CVSS |
---|---|---|---|
2018-12-20 | CVE-2018-17246 | Undefined vulnerability in Elasticsearch and Redhat products | High |