← Back

CVE-2017-11482

nvd nist
Published: Dec 8, 2017Modified: May 13, 2026

JSON object

Loading...
6.1
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.

Affected (12)

Products: Elastic: Kibana
Elastic
1 product
Kibana
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Elastic
Kibana
Version 5.6.0
Kibana
Version 5.6.1
Kibana
Version 5.6.2
Kibana
Version 5.6.3
Kibana
Version 5.6.4
Kibana
Version 6.0.0
Kibana
Version 6.0.0 alpha1
Kibana
Version 6.0.0 alpha2
Kibana
Version 6.0.0 beta1
Kibana
Version 6.0.0 beta2
Kibana
Version 6.0.0 rc1
Kibana
Version 6.0.0 rc2

Related CWEs

CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (2)

Source: security@elastic.co
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.