Overview
- Description
- With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions.
- Source
- bressers@elastic.co
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:elastic:kibana:5.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AAAFDC79-44C7-4CD4-BAF7-E4263A94D55E"
},
{
"criteria": "cpe:2.3:a:elastic:kibana:5.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "19498633-0929-4FA6-84AA-21D392CF9431"
}
],
"operator": "OR"
}
]
}
]