PT-2017-7670 · Elastic · Kibana

Publicado

2017-06-16

Atualizado

2020-08-14

CVE-2016-1000219

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Kibana versions prior to 4.5.4 Kibana versions prior to 4.1.11

Description The issue allows cookies and authorization headers to be written to log files when a custom output is configured for logging. This could potentially be used to hijack sessions of other users, especially when Kibana is used behind some form of authentication.

Recommendations For versions prior to 4.5.4, update to version 4.5.4 or later to resolve the issue. For versions prior to 4.1.11, update to version 4.1.11 or later to resolve the issue. As a temporary workaround, consider restricting access to log files to minimize the risk of session hijacking.

Correção

Improper Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-285

Identificadores relacionados

CVE-2016-1000219

RHSA-2016:1836

Produtos afetados

Kibana

PT-2017-7670 · Elastic · Kibana

CVE-2016-1000219

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5