SB2017061709 - Permissions, Privileges, and Access Controls in Kibana




Published: June 17, 2017
Updated: August 8, 2020

Security Bulletin ID: SB2017061709
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Information disclosure

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2016-10364)

The vulnerability allows a remote authenticated user to gain access to sensitive information.

With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service. As a result, any authenticated user could make requests to those services regardless of their own permissions.


Remediation

Install the update from the vendor's website.