Description
With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 did not properly authenticate requests to advanced settings and the short URL service. As a result, any authenticated user could make requests to those services regardless of their own permissions.
Remediation
References
https://www.elastic.co/community/security