QwikSec

Security Database

CVE

CWE

Training

CVE-2018-17245

Published: Dec 20, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource provider.

Vendor	Product	Versions
Elastic	Kibana	affected `4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2`

Weaknesses (CWE)

References

https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594

x_refsource_MISC

https://www.elastic.co/community/security

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.