CVE-2017-8443

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-8443

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8443.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-8443

Published

2017-06-30T19:29:00.180Z

Modified

2026-03-10T14:31:37.686203Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in the URL bar. The credentials could then be viewed by untrusted parties or logged into the Kibana access logs.

References

https://www.elastic.co/community/security

Affected packages

Git / github.com/elastic/kibana

Affected ranges

Type

GIT

Repo

https://github.com/elastic/kibana

Events

Introduced

Last affected

5aaf7ebf6cd3398b2ba6076d4e4e7e070e19a5a3

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.4.2"
        }
    ]
}

Affected versions

v4.*

v4.0.0

v4.0.0-beta1

v4.0.0-beta1.1

v4.0.0-beta2

v4.0.0-beta3

v4.0.0BETA1

v4.1.0

v4.2.0-beta1

v5.*

v5.0.0-alpha5

v5.4.0

v5.4.1

v5.4.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8443.json"