Description
With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 did not properly authenticate requests to advanced settings and the short URL service. As a result, any authenticated user could make requests to those services regardless of their own permissions.
Remediation
References
https://www.elastic.co/community/security
Related Vulnerabilities
CVE-2017-15702 Vulnerability in maven package org.apache.qpid:qpid-broker
CVE-2023-29527 Vulnerability in maven package org.xwiki.platform:xwiki-platform-appwithinminutes-ui
CVE-2022-46363 Vulnerability in maven package org.apache.cxf:cxf-rt-transports-http
CVE-2023-34238 Vulnerability in npm package gatsby-plugin-mdx
CVE-2020-7961 Vulnerability in maven package com.liferay.portal:portal-impl