CVE-2016-10364

Name of the Vulnerable Software and Affected Versions Kibana versions 5.0.0 through 5.0.1

Description The issue concerns improper authentication of requests to advanced settings and the short URL service in Kibana when X-Pack is installed. This allows any authenticated user to make requests to those services, regardless of their permissions.

Recommendations For Kibana versions 5.0.0 and 5.0.1, consider restricting access to the advanced settings and short URL service until a proper fix is applied. As a temporary workaround, consider disabling the X-Pack plugin to prevent exploitation of this issue.