CVE-2017-11481

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-11481
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-11481.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-11481
Related
Published
2017-12-08T18:29:00Z
Modified
2024-09-03T03:40:24.792394Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type
GIT
Repo
https://github.com/elastic/elasticsearch
Events
Type
GIT
Repo
https://github.com/elastic/kibana
Events

Affected versions

v0.*

v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.19.0
v0.19.0.RC1
v0.19.0.RC2
v0.19.0.RC3
v0.20.0.RC1
v0.4.0
v0.5.0
v0.5.1
v0.6.0
v0.7.0
v0.7.1
v0.8.0
v0.9.0
v0.90.0
v0.90.0.Beta1
v0.90.0.RC1
v0.90.0.RC2

v1.*

v1.0.0.Beta1
v1.0.0.Beta2
v1.0.0.RC1

v4.*

v4.0.0
v4.0.0-beta1
v4.0.0-beta1.1
v4.0.0-beta2
v4.0.0-beta3
v4.0.0BETA1
v4.1.0
v4.2.0-beta1

v5.*

v5.0.0-alpha1
v5.0.0-alpha2
v5.0.0-alpha3
v5.0.0-alpha4
v5.0.0-alpha5
v5.6.0
v5.6.1
v5.6.2
v5.6.3

v6.*

v6.0.0-alpha1
v6.0.0-alpha2
v6.0.0-beta1
v6.0.0-beta2
v6.0.0-rc1