Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2017-06-16T21:00:00
Updated: 2024-08-06T03:55:27.714Z
Reserved: 2016-09-12T00:00:00
Link: CVE-2016-1000219
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2017-06-16T21:29:00.273
Modified: 2020-08-14T17:07:16.720
Link: CVE-2016-1000219
Redhat