Description
With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions.
Remediation
References
https://www.elastic.co/community/security
Related Vulnerabilities
CVE-2022-36891 Vulnerability in maven package org.jenkins-ci.plugins:deployer-framework
CVE-2021-46366 Vulnerability in maven package info.magnolia:magnolia-core
CVE-2021-27807 Vulnerability in maven package org.apache.pdfbox:pdfbox
CVE-2021-21118 Vulnerability in npm package electron
CVE-2014-2062 Vulnerability in maven package org.jenkins-ci.main:jenkins-core