Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-06-16T21:00:00

Updated: 2024-08-06T03:55:27.714Z

Reserved: 2016-09-12T00:00:00

Link: CVE-2016-1000219

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2017-06-16T21:29:00.273

Modified: 2020-08-14T17:07:16.720

Link: CVE-2016-1000219

cve-icon Redhat

Severity : Moderate

Publid Date: 2016-08-03T00:00:00Z

Links: CVE-2016-1000219 - Bugzilla