CVE-2017-11482 — MEDIUM (6.1)

Vulnerability Description

The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.

CVSS Score

6.1

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Elastic	Kibana	5.6.0

Related Weaknesses (CWE)

CWE-601

References

https://discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571Vendor Advisory
https://discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571Vendor Advisory

FAQ

What is CVE-2017-11482?

CVE-2017-11482 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an at...

How severe is CVE-2017-11482?

CVE-2017-11482 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-11482?

Check the references section above for vendor advisories and patch information. Affected products include: Elastic Kibana.