ID CVE-2019-13423
Summary Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue where an authenticated Kibana user could impersonate the kibanaserver user when providing wrong credentials, if all of the following conditions a-c are true: a) Kibana is configured to use Single-Sign-On as the authentication method, one of Kerberos, JWT, Proxy, or Client certificate. b) The kibanaserver user is configured to use HTTP Basic as the authentication method. c) Search Guard is configured to use an SSO authentication domain and HTTP Basic at the same time.
Vulnerable Configurations
  • cpe:2.3:a:search-guard:search_guard:1:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:4.6.0-1:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:4.6.0-2:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.0.2-1:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.0.2-2:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.1.1-1:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.1.1-2:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.1.2-1:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.1.2-2:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.2.0-1:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.2.0-2:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.2.0-3:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.2.1-1:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.2.1-2:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.2.1-3:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.2.2:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.2.2-1:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.2.2-2:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.2.2-3:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.3.0-1:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.3.0-2:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.3.0-3:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.3.1-2:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.3.1-3:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.3.2-2:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.3.2-3:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.3.3-3:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.4.0:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.4.0-3:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.4.0-4:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.4.1-3:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.4.1-4:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.4.2-3:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.4.2-4:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.4.3:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.4.3-3:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.4.3-4:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.5.0-3:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.5.0-4:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.5.1-3:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.5.1-4:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.5.2-4:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.5.3-4:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.6.0-4:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.6.0-5:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.6.2-4:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.6.2-5:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.6.3-4:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.6.3-5:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.6.4-5:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.6.5-5:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.6.6-5:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.6.7-6:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:5.6.8-6:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:6.1.0-8:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:6.1.0-10:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:6.1.1-9:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:6.1.1-10:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:6.1.1-12:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:6.1.2-9:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:6.1.2-10:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:6.1.2-12:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:6.1.3-9:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:6.1.3-10:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:6.1.3-12:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:6.1.4-12:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:6.2.1-10:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:6.2.1-12:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:6.2.1-14:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:6.2.1-15:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:6.2.2-10:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:6.2.2-12:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:6.2.2-14:*:*:*:*:kibana:*:*
  • cpe:2.3:a:search-guard:search_guard:6.2.2-15:*:*:*:*:kibana:*:*
CVSS
Base: 6.5 (as of 08-10-2020 - 12:58)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: SINGLE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
refmap via4
confirm https://docs.search-guard.com/6.x-25/changelog-kibana-6.x-12
misc https://search-guard.com/cve-advisory/
Last major update 08-10-2020 - 12:58
Published 23-08-2019 - 14:15
Last modified 08-10-2020 - 12:58