CVE-2016-1000219

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-1000219

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1000219.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-1000219

Published

2017-06-16T21:29:00Z

Modified

2025-04-20T01:37:25Z

Downstream

RHSA-2016:1836

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.

References

Affected packages

Git / github.com/elastic/kibana

Affected ranges

Type: GIT
Repo: https://github.com/elastic/kibana
Events: Introduced

2d248dc25916881521cad4844c2789af3187b065

Fixed

c55c5d9acf510bed020a4fdc1c4ca8c81c7b7a1b