Description
With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.
Remediation
References
https://www.elastic.co/community/security
Related Vulnerabilities
CVE-2016-6651 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-server
CVE-2014-0110 Vulnerability in maven package org.apache.cxf:cxf-rt-transports-http
CVE-2013-2160 Vulnerability in maven package org.apache.cxf:apache-cxf
CVE-2020-25724 Vulnerability in maven package io.quarkus:quarkus-resteasy-reactive-parent-aggregator
CVE-2022-22965 Vulnerability in maven package org.springframework:spring-beans