CVE-2015-8131
published 2015-12-07CVE-2015-8131: Cross-site request forgery (CSRF) vulnerability in Elasticsearch Kibana before 4.1.3 and 4.2.x before 4.2.1 allows remote attackers to hijack the…
PriorityP425medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
0.88%
54.6th percentile
Cross-site request forgery (CSRF) vulnerability in Elasticsearch Kibana before 4.1.3 and 4.2.x before 4.2.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | kibana | <= 4.1.2 | — |
| elastic | kibana | — | — |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-7859-hq37-wvr5: Cross-site request forgery (CSRF) vulnerability in Elasticsearch Kibana before 4
ghsa_unreviewed·2022-05-13
CVE-2015-8131 [MEDIUM] CWE-352 GHSA-7859-hq37-wvr5: Cross-site request forgery (CSRF) vulnerability in Elasticsearch Kibana before 4
Cross-site request forgery (CSRF) vulnerability in Elasticsearch Kibana before 4.1.3 and 4.2.x before 4.2.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Red Hat
kibana: Cross-Site Request Forgery vulnerability
vendor_redhat·2015-11-18·CVSS 6.8
CVE-2015-8131 [MEDIUM] CWE-352 kibana: Cross-Site Request Forgery vulnerability
kibana: Cross-Site Request Forgery vulnerability
Cross-site request forgery (CSRF) vulnerability in Elasticsearch Kibana before 4.1.3 and 4.2.x before 4.2.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Package: kibana (Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational Tools) - Will not fix
No detection rules found.
No public exploits indexed.
2015-12-07
Published