CVSS 3.0 Base Score: 6.1

CVE-2017-11482

The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.

Data provided by the National Vulnerability Database (NVD)
Elastic Kibana Version 5.6.0
Elastic Kibana Version 5.6.1
Elastic Kibana Version 5.6.2
Elastic Kibana Version 5.6.3
Elastic Kibana Version 5.6.4
Elastic Kibana Version 6.0.0
Elastic Kibana Version 6.0.0 Update alpha1
Elastic Kibana Version 6.0.0 Update alpha2
Elastic Kibana Version 6.0.0 Update beta1
Elastic Kibana Version 6.0.0 Update beta2
Elastic Kibana Version 6.0.0 Update rc1
Elastic Kibana Version 6.0.0 Update rc2
No CISA KEV or CERT.AT warning was found for this CVE.

EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.2% | 0.387

CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 6.1 | 2.8 | 2.7 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov | 5.8 | 8.6 | 4.9 | AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.