CVE-2017-8451Open Redirect in Kibana

CWE-601Open Redirect8 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 55.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Elastic KibanaElastic X-pack Security
Timeline
PublishedJun 16
Latest updateMay 13

Description

With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDelastic/kibana5.3.0
CVEListV5elastic/elastic_x-pack_securitybefore 5.3.1

🔴Vulnerability Details

2
GHSA
GHSA-r58v-fqqp-24p8: With X-Pack installed, Kibana versions before 52022-05-13
CVEList
CVE-2017-8451: With X-Pack installed, Kibana versions before 52017-06-16

📋Vendor Advisories

2
Red Hat
kibana: open redirect on the login page (ESA-2017-23)2017-12-17
Red Hat
kibana: open redirect on the login page (ESA-2017-04 )2017-04-20

💬Community

3
Bugzilla
CVE-2017-8451 puppet-kibana3: kibana: open redirect on the login page (ESA-2017-04 ) [openstack-rdo]2018-01-25
Bugzilla
CVE-2017-11482 kibana: open redirect on the login page (ESA-2017-23)2018-01-25
Bugzilla
CVE-2017-8451 kibana: open redirect on the login page (ESA-2017-04 )2018-01-25
CVE-2017-8451 — Open Redirect in Elastic Kibana | cvebase