CVE-2017-8443

In Kibana X-Pack security versions prior to 5.4.3, if a Kibana user opens a crafted Kibana URL, the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in the URL bar. The credentials could then be viewed by untrusted parties or logged into the Kibana access logs.
References
Link Resource
https://www.elastic.co/community/security Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-06-30 19:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-8443

Mitre link : CVE-2017-8443

CVE.ORG link : CVE-2017-8443


Products Affected

elastic

  • kibana
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-598

Use of GET Request Method With Sensitive Query Strings