Description

With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions.

Remediation

References

https://www.elastic.co/community/security

Related Vulnerabilities

CVE-2010-1157 Vulnerability in maven package tomcat:catalina

CVE-2023-24997 Vulnerability in maven package org.apache.inlong:manager-pojo

CVE-2023-33948 Vulnerability in maven package com.liferay.portal:release.portal.bom

CVE-2023-22621 Vulnerability in npm package @strapi/plugin-email

CVE-2022-42124 Vulnerability in maven package com.liferay:com.liferay.layout.page.template.service

Severity

High

Classification

CWE-264 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory