CVE Vulnerabilities

CVE-2016-10364

Published: Jun 16, 2017 | Modified: Aug 14, 2020
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions.

Affected Software

Name Vendor Start Version End Version
Kibana Elastic 5.0.1 5.0.1
Kibana Elastic 5.0.0 5.0.0

References