CVE-2017-8443
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-8443
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8443.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-8443
- Published
- 2017-06-30T19:29:00Z
- Modified
- 2025-04-20T04:13:42.808176Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in the URL bar. The credentials could then be viewed by untrusted parties or logged into the Kibana access logs.
- References
Affected packages
Git / github.com/elastic/elasticsearch
Affected ranges
- Type
- GIT
- Repo
- https://github.com/elastic/elasticsearch
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Type
- GIT
- Repo
- https://github.com/elastic/kibana
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
v0.*
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.19.0
v0.19.0.RC1
v0.19.0.RC2
v0.19.0.RC3
v0.20.0.RC1
v0.4.0
v0.5.0
v0.5.1
v0.6.0
v0.7.0
v0.7.1
v0.8.0
v0.9.0
v0.90.0
v0.90.0.Beta1
v0.90.0.RC1
v0.90.0.RC2
v1.*
v1.0.0.Beta1
v1.0.0.Beta2
v1.0.0.RC1
v4.*
v4.0.0
v4.0.0-beta1
v4.0.0-beta1.1
v4.0.0-beta2
v4.0.0-beta3
v4.0.0BETA1
v4.1.0
v4.2.0-beta1
v5.*
v5.0.0-alpha1
v5.0.0-alpha2
v5.0.0-alpha3
v5.0.0-alpha4
v5.0.0-alpha5
v5.4.0
v5.4.1
v5.4.2