Open Redirect Vulnerability in Kibana by Elastic
CVE-2017-8451

6.1MEDIUM

Key Information:

Vendor
Elastic
Vendor
CVE Published:
16 June 2017

Summary

Kibana, when used with X-Pack, contains an open redirect vulnerability that affects versions prior to 5.3.1. This security flaw allows attackers to create malicious links that, when followed, can redirect users to unauthorized and potentially harmful websites. This can be exploited to phish for user credentials or to spread malware, emphasizing the need for users to update their Kibana installations to the latest version to mitigate the risk.

Affected Version(s)

Elastic X-Pack Security before 5.3.1

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.