Description
The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set.
Remediation
References
https://github.com/floragunncom/search-guard-kibana-plugin/pull/140
https://docs.search-guard.com/latest/changelog-kibana-6.x-16
Related Vulnerabilities
CVE-2018-16487 Vulnerability in maven package org.webjars.npm:lodash
CVE-2019-10406 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2020-2136 Vulnerability in maven package org.jenkins-ci.plugins:git
CVE-2016-10750 Vulnerability in maven package com.hazelcast:hazelcast
CVE-2017-7677 Vulnerability in maven package org.apache.ranger:ranger