Vulnerabilities > Elastic > Kibana

DATE CVE VULNERABILITY TITLE RISK
2017-06-16 CVE-2017-8451 Open Redirect vulnerability in Elastic Kibana
With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.
network
low complexity
elastic CWE-601
6.1
6.1
2017-06-16 CVE-2016-10366 Cross-site Scripting vulnerability in Elastic Kibana
Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (XSS) attack.
network
low complexity
elastic CWE-79
6.1
6.1
2017-06-16 CVE-2016-10365 Open Redirect vulnerability in Elastic Kibana
Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerability that would enable an attacker to craft a link in the Kibana domain that redirects to an arbitrary website.
network
low complexity
elastic CWE-601
6.1
6.1
2017-06-16 CVE-2016-10364 Permissions, Privileges, and Access Controls vulnerability in Elastic Kibana 5.0.0/5.0.1
With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions.
network
low complexity
elastic CWE-264
6.5
6.5
2017-06-16 CVE-2016-1000220 Cross-site Scripting vulnerability in Elastic Kibana
Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers.
network
low complexity
elastic CWE-79
6.1
6.1
2017-06-16 CVE-2016-1000219 Improper Authorization vulnerability in Elastic Kibana
Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files.
network
low complexity
elastic CWE-285
7.5
7.5
2017-06-16 CVE-2015-9056 Cross-site Scripting vulnerability in Elastic Kibana
Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack.
network
low complexity
elastic CWE-79
6.1
6.1
2017-06-05 CVE-2017-8440 Cross-site Scripting vulnerability in Elastic Kibana
Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
network
low complexity
elastic CWE-79
6.1
6.1
2017-06-05 CVE-2017-8439 Cross-site Scripting vulnerability in Elastic Kibana 5.4.0
Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder.
network
low complexity
elastic CWE-79
6.1
6.1