QwikSec

Security Database

CVE

CWE

Training

CVE-2018-3819

Published: Mar 30, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.

Vendor	Product	Versions
Elastic	Kibana	affected `All versions before 6.1.3 and 5.6.7`

Weaknesses (CWE)

References

https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.