CVE-2016-10364

Source
https://cve.org/CVERecord?id=CVE-2016-10364
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10364.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-10364
Published
2017-06-16T21:29:00.477Z
Modified
2026-03-13T22:25:47.950481Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 did not properly authenticate requests to advanced settings and the short URL service. Any authenticated user could make requests to those services regardless of their own permissions.

References

Affected packages

Git / github.com/elastic/kibana

Affected ranges

Type
GIT
Repo
https://github.com/elastic/kibana
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.0.1"
        }
    ]
}

Affected versions

v4.*
v4.0.0
v4.0.0-beta1
v4.0.0-beta1.1
v4.0.0-beta2
v4.0.0-beta3
v4.0.0BETA1
v4.1.0
v4.2.0-beta1
v5.*
v5.0.0
v5.0.0-alpha5
v5.0.0-beta1
v5.0.0-rc1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10364.json"