Vulnerabilities > Elastic > Kibana > 4.1.1

DATE CVE VULNERABILITY TITLE RISK
2018-12-20 CVE-2018-17245 Insufficiently Protected Credentials vulnerability in Elastic Kibana
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports.
network
low complexity
elastic CWE-522
5.0
2018-03-30 CVE-2018-3819 Open Redirect vulnerability in Elastic Kibana
The fix in Kibana for ESA-2017-23 was incomplete.
network
elastic CWE-601
5.8
2017-06-30 CVE-2017-8443 Information Exposure vulnerability in Elastic Kibana
In Kibana X-Pack security versions prior to 5.4.3, if a Kibana user opens a crafted Kibana URL, the result could be a redirect to an improperly initialized Kibana login screen.
network
elastic CWE-200
4.3
2017-06-16 CVE-2017-8452 Uncontrolled File Descriptor Consumption vulnerability in Elastic Kibana
In Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes.
network
low complexity
elastic CWE-769
5.0
2017-06-16 CVE-2017-8451 Open Redirect vulnerability in Elastic Kibana
With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.
network
elastic CWE-601
5.8
2017-06-16 CVE-2016-10365 Open Redirect vulnerability in Elastic Kibana
Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerability that would enable an attacker to craft a link in the Kibana domain that redirects to an arbitrary website.
network
elastic CWE-601
5.8
2017-06-16 CVE-2016-1000220 Cross-site Scripting vulnerability in Elastic Kibana
Kibana versions before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers.
network
elastic CWE-79
4.3
2017-06-16 CVE-2016-1000219 Improper Authorization vulnerability in Elastic Kibana
In Kibana before 4.5.4 and 4.1.11, when a custom output is configured for logging, cookies and authorization headers could be written to the log files.
network
low complexity
elastic CWE-285
5.0
2017-06-16 CVE-2015-9056 Cross-site Scripting vulnerability in Elastic Kibana
Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to an XSS attack.
network
elastic CWE-79
4.3
2015-12-07 CVE-2015-8131 Cross-Site Request Forgery (CSRF) vulnerability in Elastic Kibana
Cross-site request forgery (CSRF) vulnerability in Elasticsearch Kibana before 4.1.3 and 4.2.x before 4.2.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
network
elastic CWE-352
6.8