| Max CVSS | 7.5 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-17245 | 5.0 |
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request tha
|
14-08-2020 - 17:31 | 20-12-2018 - 22:29 | |
| CVE-2018-17246 | 7.5 |
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to a
|
14-08-2020 - 17:30 | 20-12-2018 - 22:29 | |
| CVE-2018-17244 | 4.0 |
Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same u
|
09-10-2019 - 23:36 | 20-12-2018 - 22:29 |