CVE-2017-11482

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-11482

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-11482.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-11482

Published

2017-12-08T18:29:00.273Z

Modified

2026-04-10T03:58:27.648957Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.

References

https://discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571

Affected packages

Git / github.com/elastic/kibana

Affected ranges

Type

GIT

Repo

https://github.com/elastic/kibana

Events

Introduced

Last affected

12d17c6d111705f0c0c29fbab66eb22eda31dcdf

Introduced

Last affected

d1e7b4cfb06c4d9156fb1e691853b36ff5801d57

Introduced

Last affected

864b8719e2814b7667d5831c415a79026d78ea9f

Introduced

Last affected

f363a8fe7aeeb6a535e0bb43b3b1916f26ab3732

Introduced

Last affected

efd2403e605c9f695a87929083421ba09f3ac54e

Introduced

Last affected

f8bc449f5a6b28d0597730b1cf03fefe7e33422e

Introduced

Last affected

815b082799cc42b0a66d52689d901525b5e6f182

Introduced

Last affected

b7f519704ae0d25f085e3278198e2abec1d9ef6e

Introduced

Last affected

e5b6450423e5b179eb85810b997dd3fd0c8c7ddb

Introduced

Last affected

3cb25ad0b62e8b085f4fabf2af7efca03124c1b9

Introduced

Last affected

04485d7d34cc0e94f58146577892fb2c4a6e7f56

Introduced

Last affected

0766ab238177e366236f3cdf34b19b6c5ffaf837

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.6.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.6.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.6.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.6.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.6.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.0.0-alpha1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.0.0-alpha2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.0.0-beta1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.0.0-beta2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.0.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.0.0-rc2"
        }
    ]
}

Affected versions

v4.*

v4.0.0-beta1

v4.0.0-beta1.1

v4.0.0-beta2

v4.0.0-beta3

v4.2.0-beta1

v5.*

v5.0.0-alpha5

v5.6.0

v5.6.1

v5.6.2

v5.6.3

v5.6.4

v6.*

v6.0.0

v6.0.0-alpha1

v6.0.0-alpha2

v6.0.0-beta1

v6.0.0-beta2

v6.0.0-rc1

v6.0.0-rc2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-11482.json"