Description
With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.
Remediation
References
https://www.elastic.co/community/security
Related Vulnerabilities
CVE-2020-25724 Vulnerability in maven package io.quarkus:quarkus-resteasy-reactive-parent-aggregator
CVE-2021-41184 Vulnerability in npm package jquery-ui
CVE-2017-8028 Vulnerability in maven package org.springframework.ldap:spring-ldap-core
CVE-2011-0533 Vulnerability in maven package org.apache.archiva:archiva-common