CVE-2019-13422 - Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker

CVE-2019-13422

Summary

Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login.

References

Vulnerable Configurations

cpe:2.3:a:search-guard:search_guard:1:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:1:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:4.6.0-1:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:4.6.0-1:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:4.6.0-2:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:4.6.0-2:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.0.2-1:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.0.2-1:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.0.2-2:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.0.2-2:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.1.1-1:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.1.1-1:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.1.1-2:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.1.1-2:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.1.2-1:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.1.2-1:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.1.2-2:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.1.2-2:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.2.0-1:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.2.0-1:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.2.0-2:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.2.0-2:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.2.0-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.2.0-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.2.1-1:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.2.1-1:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.2.1-2:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.2.1-2:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.2.1-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.2.1-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.2.2:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.2.2:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.2.2-1:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.2.2-1:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.2.2-2:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.2.2-2:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.2.2-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.2.2-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.3.0-1:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.3.0-1:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.3.0-2:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.3.0-2:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.3.0-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.3.0-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.3.1-2:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.3.1-2:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.3.1-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.3.1-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.3.2-2:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.3.2-2:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.3.2-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.3.2-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.3.3-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.3.3-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.4.0:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.4.0:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.4.0-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.4.0-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.4.0-4:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.4.0-4:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.4.1-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.4.1-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.4.1-4:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.4.1-4:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.4.2-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.4.2-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.4.2-4:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.4.2-4:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.4.3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.4.3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.4.3-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.4.3-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.4.3-4:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.4.3-4:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.5.0-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.5.0-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.5.0-4:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.5.0-4:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.5.1-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.5.1-3:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.5.1-4:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.5.1-4:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.5.2-4:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.5.2-4:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.5.3-4:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.5.3-4:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.6.0-4:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.6.0-4:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.6.0-5:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.6.0-5:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.6.2-4:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.6.2-4:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.6.2-5:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.6.2-5:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.6.3-4:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.6.3-4:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.6.3-5:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.6.3-5:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.6.4-5:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.6.4-5:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.6.5-5:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.6.5-5:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.6.6-5:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.6.6-5:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.6.7-6:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.6.7-6:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.6.8-6:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:5.6.8-6:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.1.0-8:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.1.0-8:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.1.0-10:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.1.0-10:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.1.1-9:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.1.1-9:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.1.1-10:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.1.1-10:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.1.1-12:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.1.1-12:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.1.2-9:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.1.2-9:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.1.2-10:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.1.2-10:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.1.2-12:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.1.2-12:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.1.3-9:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.1.3-9:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.1.3-10:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.1.3-10:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.1.3-12:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.1.3-12:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.1.4-12:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.1.4-12:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.2.1-10:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.2.1-10:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.2.1-12:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.2.1-12:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.2.1-14:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.2.1-14:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.2.1-15:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.2.1-15:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.2.2-10:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.2.2-10:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.2.2-12:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.2.2-12:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.2.2-14:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.2.2-14:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.2.2-15:*:*:*:*:kibana:*:*
cpe:2.3:a:search-guard:search_guard:6.2.2-15:*:*:*:*:kibana:*:*

CVSS

Base:	5.8 (as of 09-10-2019 - 23:46)
Impact:
Exploitability:

CWE

CWE-601

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:N

refmap via4

confirm	https://docs.search-guard.com/6.x-25/changelog-kibana-6.x-12
misc	https://search-guard.com/cve-advisory/

Last major update

09-10-2019 - 23:46

Published

23-08-2019 - 14:15

Last modified

09-10-2019 - 23:46