Description
With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.
Remediation
References
https://www.elastic.co/community/security