\ CVE-2018-17245 - Undefined vulnerability in Elasticsearch Kibana | Vumetric Cyber Portal

CVE-2018-17245 - Undefined vulnerability in Elasticsearch Kibana

Publication

2018-12-20

Last modification

2019-10-09

Summary

Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource provider.

Risk level (CVSS AV:N/AC:L/Au:N/C:P/I:N/A:N)

Medium

5

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Elasticsearch Kibana  6.3.0 , 5.4.3 , 5.6.9 , 4.1.1 , 4.1.2 , 4.3.1 , 5.6.12 , 5.3.0 , 6.0.1 , 6.0.0 , 5.6.7 , 4.5.3 , 4.5.4 , 6.2.3 , 5.5.1 , 5.0.2 , 4.2.0 , 4.1.8 , 4.0.2 , 5.3.3 , 4.1.3 , 5.0.1 , 4.5.2 , 4.4.2 , 5.2.1 , 5.3.1 , 4.2.2 , 5.4.1 , 5.6.6 , 6.2.2 , 6.2.4 , 6.4.1 , 4.0.0 , 5.4.2 , 4.4.0 , 5.5.2 , 5.6.2 , 5.6.4 , 4.1.5 , 4.1.7 , 6.3.2 , 5.2.2 , 5.3.2 , 5.4.0 , 5.6.10 , 4.3.0 , 5.6.11 , 6.1.4 , 4.3.2 , 4.2.1 , 5.5.3 , 6.3.1 , 6.2.1 , 4.1.4 , 4.0.1 , 4.1.6 , 5.1.2 , 5.6.3 , 5.6.1 , 5.6.8 , 4.0.3 , 6.4.2 , 4.6.0 , 4.1.10 , 4.4.1 , 5.2.0 , 6.4.0 , 6.1.2 , 5.0.0 , 5.6.0 , 6.2.0 , 4.5.1 , 6.1.0 , 4.5.0 , 5.1.1 , 6.1.3 , 4.1.9 , 4.3.3 , 4.1.0 , 5.5.0 , 4.1.11 , 6.1.1 , 5.6.5

External references

Related CVE

Date CVE Title CVSS
2018-12-20 CVE-2018-17246 Undefined vulnerability in Elasticsearch and Redhat products High

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.