CVE-2016-10364
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-10364
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10364.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-10364
- Published
- 2017-06-16T21:29:00Z
- Modified
- 2025-04-20T03:29:21.053597Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions.
- References
Affected packages
Git / github.com/elastic/elasticsearch
Affected ranges
- Type
- GIT
- Repo
- https://github.com/elastic/elasticsearch
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affected
- Type
- GIT
- Repo
- https://github.com/elastic/kibana
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affected
Affected versions
v0.*
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.19.0
v0.19.0.RC1
v0.19.0.RC2
v0.19.0.RC3
v0.20.0.RC1
v0.4.0
v0.5.0
v0.5.1
v0.6.0
v0.7.0
v0.7.1
v0.8.0
v0.9.0
v0.90.0
v0.90.0.Beta1
v0.90.0.RC1
v0.90.0.RC2
v1.*
v1.0.0.Beta1
v1.0.0.Beta2
v1.0.0.RC1
v4.*
v4.0.0
v4.0.0-beta1
v4.0.0-beta1.1
v4.0.0-beta2
v4.0.0-beta3
v4.0.0BETA1
v4.1.0
v4.2.0-beta1
v5.*
v5.0.0
v5.0.0-alpha1
v5.0.0-alpha2
v5.0.0-alpha3
v5.0.0-alpha4
v5.0.0-alpha5
v5.0.0-beta1
v5.0.0-rc1
v5.0.1