CyberSec.Space Logo
Back to CVE Browser

CVE-2018-17245

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1910%
EPSS Percentile28.39th
PublishedDec 20, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource provider.

Affected Platforms (CPE)

πŸ“¦
Elastic

Kibana

>= 4.0.0 and <= 4.6.0
πŸ“¦
Elastic

Kibana

>= 5.0.0 and <= 5.6.12
πŸ“¦
Elastic

Kibana

>= 6.0.0 and <= 6.4.2

References & Advisories

πŸ”— https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594
πŸ”— https://www.elastic.co/community/security
πŸ”— https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594
πŸ”— https://www.elastic.co/community/security

Related Vulnerabilities

CVE-2019-760910.0

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with acce...

CVE-2018-172469.8

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to...

CVE-2019-76109.0

Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the s...

CVE-2019-134238.8

Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impers...