Description
With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions.
Remediation
References
https://www.elastic.co/community/security
Related Vulnerabilities
CVE-2019-1351 Vulnerability in npm package nodegit
CVE-2013-5855 Vulnerability in maven package com.sun.faces:jsf-impl
CVE-2017-1000093 Vulnerability in maven package org.jenkins-ci.plugins:pollscm
CVE-2018-1000174 Vulnerability in maven package org.jenkins-ci.plugins:google-login
CVE-2013-2172 Vulnerability in maven package org.apache.santuario:xmlsec