Description

With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions.

Remediation

References

https://www.elastic.co/community/security

Related Vulnerabilities

CVE-2023-43123 Vulnerability in maven package org.apache.storm:storm-pmml-examples

CVE-2018-1114 Vulnerability in maven package io.undertow:undertow-core

CVE-2020-7009 Vulnerability in maven package org.elasticsearch:elasticsearch

CVE-2019-1003036 Vulnerability in maven package org.jenkins-ci.plugins:azure-vm-agents

CVE-2018-10054 Vulnerability in maven package com.h2database:h2

Severity

High

Classification

CWE-264 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory