Description
With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions.
Remediation
References
https://www.elastic.co/community/security
Related Vulnerabilities
CVE-2022-22965 Vulnerability in maven package org.springframework:spring-webmvc
CVE-2017-12629 Vulnerability in maven package org.apache.lucene:lucene-queryparser
CVE-2023-46654 Vulnerability in maven package org.jenkins-ci.plugins:electricflow
CVE-2013-6448 Vulnerability in maven package org.jboss.seam:jboss-seam-remoting
CVE-2017-8046 Vulnerability in maven package org.springframework.boot:spring-boot-starter-data-rest