CVE-2016-1000219

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2016-1000219

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1000219.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-1000219

Downstream

RHSA-2016:1836

Published

2017-06-16T21:29:00.273Z

Modified

2026-03-15T14:20:07.472561Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.

References

Affected packages

Git / github.com/elastic/kibana

Affected ranges

Type

GIT

Repo

https://github.com/elastic/kibana

Events

Introduced

2d248dc25916881521cad4844c2789af3187b065

Fixed

c55c5d9acf510bed020a4fdc1c4ca8c81c7b7a1b

Introduced

ff5cfc5d05a58e53f7acaa762428fa803318d31e

Fixed

00d0f493b91e3215703b8c8a64ec09966216ed95

Database specific

{
    "versions": [
        {
            "introduced": "4.1.0"
        },
        {
            "fixed": "4.1.11"
        },
        {
            "introduced": "4.5.0"
        },
        {
            "fixed": "4.5.4"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1000219.json"