← Voltar para CVEs
CVE-2016-1000219
N/ADescricao
Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado6/16/2017
Ultima modificacao4/20/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
elastic:kibana
Fraquezas (CWE)
CWE-285
Referencias
http://www.securityfocus.com/bid/99178(cve@mitre.org)
https://www.elastic.co/community/security(cve@mitre.org)
http://www.securityfocus.com/bid/99178(af854a3a-2127-422b-91ae-364da2661108)
https://www.elastic.co/community/security(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.