CVE-2015-8131 β€” Cross-Site Request Forgery in Kibana

CWE-352 β€” Cross-Site Request Forgery5 documents5 sources
Severity
6.8MEDIUMNVD
EPSS
0.2%
top 63.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elastic Kibana
Timeline
PublishedDec 7
Latest updateMay 13

Description

Cross-site request forgery (CSRF) vulnerability in Elasticsearch Kibana before 4.1.3 and 4.2.x before 4.2.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

β–ΆNVDelastic/kibana4.1.2+1

πŸ”΄Vulnerability Details

2
GHSA
GHSA-7859-hq37-wvr5: Cross-site request forgery (CSRF) vulnerability in Elasticsearch Kibana before 4β†—2022-05-13
β–Ά
CVEList
CVE-2015-8131: Cross-site request forgery (CSRF) vulnerability in Elasticsearch Kibana before 4β†—2015-12-07
β–Ά

πŸ“‹Vendor Advisories

1
Red Hat
kibana: Cross-Site Request Forgery vulnerability↗2015-11-18
β–Ά

πŸ’¬Community

1
Bugzilla
CVE-2015-8131 kibana: Cross-Site Request Forgery vulnerability↗2015-11-19
β–Ά
CVE-2015-8131 β€” Cross-Site Request Forgery in Elastic | cvebase