The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set.
{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:search-guard:search_guard:*:*:*:*:*:kibana:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "6.3.0-16"
}
]
}