PT-2019-13335 · Search Guard · Search Guard Kibana Plugin
Published 2019-08-23 · Updated 2020-10-08
CVE-2019-13423
CVSS v3.1: 8.8 (High)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Search Guard Kibana Plugin versions before 5.6.8-7
Search Guard Kibana Plugin versions before 6.x.y-12
Description
The issue allows an authenticated Kibana user who supplies wrong credentials to impersonate the kibanaserver user under specific conditions. Because kibanaserver is the account Kibana itself uses to talk to Elasticsearch, the impersonating user inherits its privileges. All of the following must hold: Kibana is configured to use Single Sign-On as its authentication method with one of Kerberos, JWT, Proxy, or Client certificate; the kibanaserver user is configured to authenticate with HTTP Basic; and Search Guard is configured with an SSO authentication domain and an HTTP Basic authentication domain at the same time.
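The three preconditions above can be checked mechanically against a deployment's configuration. The following self-check is an added example, not code from the advisory or from the Search Guard project. It assumes the Search Guard Kibana plugin version format "<es_version>-<build>" (e.g. "6.7.1-11"), the flat dotted keys of kibana.yml (searchguard.auth.type, elasticsearch.username, elasticsearch.password) and the searchguard.dynamic.authc.<domain>.http_authenticator.type layout of sg_config.yml for Search Guard 6.x; the lowercase SSO type names and the sample configuration dicts are constructed for illustration.

```python
# Added example (not from the advisory or the Search Guard project): a
# self-check for the CVE-2019-13423 precondition set.
# Assumptions, also stated in the lead-in:
#  - Plugin versions look like "<es_version>-<build>", e.g. "6.7.1-11".
#    Affected per the advisory: 5.x before 5.6.8-7, 6.x.y builds before -12.
#  - The dicts below mirror kibana.yml and sg_config.yml as a YAML loader
#    would return them; in practice pass in yaml.safe_load() output.
from typing import Any, Dict, Set, Tuple

# The four SSO methods the advisory names, as assumed lowercase type names.
SSO_TYPES: Set[str] = {"kerberos", "jwt", "proxy", "clientcert"}


def parse_plugin_version(version: str) -> Tuple[int, int, int, int]:
    """'6.7.1-11' -> (6, 7, 1, 11); raises ValueError on any other shape."""
    es_part, sep, build = version.partition("-")
    if not sep or not build.isdigit():
        raise ValueError(f"not a Search Guard Kibana plugin version: {version!r}")
    major, minor, patch = (int(x) for x in es_part.split("."))
    return major, minor, patch, int(build)


def is_vulnerable_version(version: str) -> bool:
    """Affected ranges from the advisory: <5.6.8-7 on 5.x, build <12 on 6.x.y."""
    major, minor, patch, build = parse_plugin_version(version)
    if major == 5:
        return (major, minor, patch, build) < (5, 6, 8, 7)
    if major == 6:
        return build < 12
    return False  # the advisory lists no other release line


def enabled_http_auth_types(sg_config: Dict[str, Any]) -> Set[str]:
    """HTTP authenticator types of every enabled authc domain in sg_config.yml."""
    domains = sg_config.get("searchguard", {}).get("dynamic", {}).get("authc", {})
    types: Set[str] = set()
    for domain in domains.values():
        if not domain.get("http_enabled", True):  # domains default to enabled
            continue
        types.add(str(domain.get("http_authenticator", {}).get("type", "")).lower())
    return types


def assess(kibana_cfg: Dict[str, Any], sg_config: Dict[str, Any],
           plugin_version: str) -> Dict[str, bool]:
    """Report each precondition separately so an operator sees which one to break."""
    sg_types = enabled_http_auth_types(sg_config)
    kibana_auth = str(kibana_cfg.get("searchguard.auth.type", "basicauth")).lower()
    result = {
        "vulnerable_version": is_vulnerable_version(plugin_version),
        "kibana_uses_sso": kibana_auth in SSO_TYPES,
        # Kibana's own Elasticsearch connection is a Basic credential for kibanaserver.
        "kibanaserver_uses_basic": (
            kibana_cfg.get("elasticsearch.username") == "kibanaserver"
            and bool(kibana_cfg.get("elasticsearch.password"))
        ),
        "sg_has_sso_and_basic": bool(sg_types & SSO_TYPES) and "basic" in sg_types,
    }
    result["exposed"] = all(result.values())
    return result


# Constructed sample configuration (not a real deployment) that meets all conditions.
VULNERABLE_KIBANA: Dict[str, Any] = {
    "searchguard.auth.type": "jwt",
    "elasticsearch.username": "kibanaserver",
    "elasticsearch.password": "changeit",
}
VULNERABLE_SG: Dict[str, Any] = {"searchguard": {"dynamic": {"authc": {
    "jwt_auth_domain": {
        "http_enabled": True, "order": 0,
        "http_authenticator": {"type": "jwt", "challenge": False},
        "authentication_backend": {"type": "noop"},
    },
    "basic_internal_auth_domain": {
        "http_enabled": True, "order": 1,
        "http_authenticator": {"type": "basic", "challenge": True},
        "authentication_backend": {"type": "internal"},
    },
}}}}

if __name__ == "__main__":
    for version in ("6.7.1-11", "6.7.1-12"):
        print(version, assess(VULNERABLE_KIBANA, VULNERABLE_SG, version))
```

Running it shows the same configuration reported as exposed on build 6.7.1-11 and as not exposed on 6.7.1-12, which is the update the recommendations below call for; the per-condition flags also show which single precondition a workaround would need to remove.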
Recommendations
For Search Guard Kibana Plugin versions before 5.6.8-7, update to version 5.6.8-7 or later to resolve the issue.
For Search Guard Kibana Plugin versions before 6.x.y-12, update to version 6.x.y-12 or later to resolve the issue.
If updating is not immediately possible, consider disabling HTTP Basic authentication for the kibanaserver user as a temporary workaround; this removes one of the required preconditions, but it may not be practical, since Kibana itself authenticates to Elasticsearch as that user.
Restrict access to the SSO authentication domain to minimize the risk of exploitation.
Weakness Enumeration
Improper Authentication
Related Identifiers
CVE-2019-13423
Affected Products
Search Guard Kibana Plugin