← Back to CVEs
CVE-2016-1000219
N/ADescription
Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.
CVE Details
CVSS v3.1 ScoreN/A
Published6/16/2017
Last Modified4/20/2025
Sourcenvd
Honeypot Sightings0
Affected Products
elastic:kibana
Weaknesses (CWE)
CWE-285
References
http://www.securityfocus.com/bid/99178(cve@mitre.org)
https://www.elastic.co/community/security(cve@mitre.org)
http://www.securityfocus.com/bid/99178(af854a3a-2127-422b-91ae-364da2661108)
https://www.elastic.co/community/security(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.