cvelistv5 - cve-2017-11482

CVE-2017-11482 (GCVE-0-2017-11482)

Vulnerability from cvelistv5

Published

2017-12-08 18:00

Modified

2024-08-05 18:12

Severity ?

CWE

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Summary

The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.

References

URL

Tags

	bressers@elastic.co	https://discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571	Vendor Advisory

Impacted products

	Vendor	Product	Version
	Elastic	Kibana	Version: before 6.0.1 and 5.6.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:12:39.856Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kibana",
          "vendor": "Elastic",
          "versions": [
            {
              "status": "affected",
              "version": "before 6.0.1 and 5.6.5"
            }
          ]
        }
      ],
      "datePublic": "2017-12-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-08T17:57:01",
        "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "shortName": "elastic"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@elastic.co",
          "ID": "CVE-2017-11482",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Kibana",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 6.0.1 and 5.6.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Elastic"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571",
              "refsource": "CONFIRM",
              "url": "https://discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
    "assignerShortName": "elastic",
    "cveId": "CVE-2017-11482",
    "datePublished": "2017-12-08T18:00:00",
    "dateReserved": "2017-07-20T00:00:00",
    "dateUpdated": "2024-08-05T18:12:39.856Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-11482\",\"sourceIdentifier\":\"bressers@elastic.co\",\"published\":\"2017-12-08T18:29:00.273\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto que la correcci\u00f3n de Kibana para CVE-2017-8451 est\u00e1 incompleta. Con X-Pack instalado, las versiones anteriores a la 6.0.1 y 5.6.5 de Kibana tienen una vulnerabilidad de redirecci\u00f3n abierta en la p\u00e1gina de inicio de sesi\u00f3n que podr\u00edan permitir que un atacante cree un enlace que redirija a un sitio web arbitrario.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"bressers@elastic.co\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:elastic:kibana:5.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C22151C-45AD-44DB-B3E0-178BC93CC8DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:elastic:kibana:5.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EAB4F2B-26A1-4F1C-BA4D-1B1D2DAFC8EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:elastic:kibana:5.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EEC2D6D-D18A-4E5A-999F-46101D21EE6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:elastic:kibana:5.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92FED321-3988-4E5E-993B-C205F772D41F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:elastic:kibana:5.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29554EC2-EC90-4EDA-B3BB-705BDF446A04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:elastic:kibana:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7A7247C-F032-4A8A-A854-9119020AEA53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:elastic:kibana:6.0.0:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FC1C2A2-509F-4C21-9D82-862146EA6B83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:elastic:kibana:6.0.0:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC9A41CB-1852-4BF2-AC39-A92E2EAAB9D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:elastic:kibana:6.0.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"804F2D2F-9A4A-4179-B774-14B7B293C6F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:elastic:kibana:6.0.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC11C2B1-EB71-4D19-A592-99452D4E5285\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:elastic:kibana:6.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AAE3FEE-A2F1-41C8-9C38-ECA9B3203B44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:elastic:kibana:6.0.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"335B93D1-893F-494A-8F0D-176585DDD53A\"}]}]}],\"references\":[{\"url\":\"https://discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571\",\"source\":\"bressers@elastic.co\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

cnvd-2018-00861

Vulnerability from cnvd

Title

Elasticsearch Kibana开放重定向漏洞（CNVD-2018-00861）

Description

Elasticsearch Kibana（前称elasticsearch-dashboard）是荷兰Elasticsearch公司的一套开源的、基于浏览器的分析和搜索Elasticsearch仪表板工具。 Elasticsearch Kibana 6.0.1之前的版本和5.6.5之前的版本中的登录页面存在开放重定向漏洞。攻击者可通过构造链接利用该漏洞将用户重定向到任意网站。

Severity

中

Patch Name

Elasticsearch Kibana开放重定向漏洞（CNVD-2018-00861）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.elastic.co/guide/en/kibana/index.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-11482

Impacted products

Name
['ElasticSearch Kibana <6.0.1', 'ElasticSearch Kibana <5.6.5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-11482",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11482"
    }
  },
  "description": "Elasticsearch Kibana\uff08\u524d\u79f0elasticsearch-dashboard\uff09\u662f\u8377\u5170Elasticsearch\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u3001\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684\u5206\u6790\u548c\u641c\u7d22Elasticsearch\u4eea\u8868\u677f\u5de5\u5177\u3002\r\n\r\nElasticsearch Kibana 6.0.1\u4e4b\u524d\u7684\u7248\u672c\u548c5.6.5\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684\u767b\u5f55\u9875\u9762\u5b58\u5728\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e \u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u6784\u9020\u94fe\u63a5\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u7528\u6237\u91cd\u5b9a\u5411\u5230\u4efb\u610f\u7f51\u7ad9\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.elastic.co/guide/en/kibana/index.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-00861",
  "openTime": "2018-01-12",
  "patchDescription": "Elasticsearch Kibana\uff08\u524d\u79f0elasticsearch-dashboard\uff09\u662f\u8377\u5170Elasticsearch\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u3001\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684\u5206\u6790\u548c\u641c\u7d22Elasticsearch\u4eea\u8868\u677f\u5de5\u5177\u3002\r\n\r\nElasticsearch Kibana 6.0.1\u4e4b\u524d\u7684\u7248\u672c\u548c5.6.5\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684\u767b\u5f55\u9875\u9762\u5b58\u5728\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e \u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u6784\u9020\u94fe\u63a5\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u7528\u6237\u91cd\u5b9a\u5411\u5230\u4efb\u610f\u7f51\u7ad9\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Elasticsearch Kibana\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e\uff08CNVD-2018-00861\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "ElasticSearch Kibana \u003c6.0.1",
      "ElasticSearch Kibana \u003c5.6.5"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-11482",
  "serverity": "\u4e2d",
  "submitTime": "2017-12-11",
  "title": "Elasticsearch Kibana\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e\uff08CNVD-2018-00861\uff09"
}

fkie_cve-2017-11482

Vulnerability from fkie_nvd

Published

2017-12-08 18:29

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

	URL	Tags
	security@elastic.co	https://discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571	Vendor Advisory

Impacted products

Vendor	Product	Version
elastic	kibana	5.6.0
elastic	kibana	5.6.1
elastic	kibana	5.6.2
elastic	kibana	5.6.3
elastic	kibana	5.6.4
elastic	kibana	6.0.0
elastic	kibana	6.0.0
elastic	kibana	6.0.0
elastic	kibana	6.0.0
elastic	kibana	6.0.0
elastic	kibana	6.0.0
elastic	kibana	6.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C22151C-45AD-44DB-B3E0-178BC93CC8DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EAB4F2B-26A1-4F1C-BA4D-1B1D2DAFC8EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EEC2D6D-D18A-4E5A-999F-46101D21EE6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "92FED321-3988-4E5E-993B-C205F772D41F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:5.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "29554EC2-EC90-4EDA-B3BB-705BDF446A04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7A7247C-F032-4A8A-A854-9119020AEA53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:6.0.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "9FC1C2A2-509F-4C21-9D82-862146EA6B83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:6.0.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "DC9A41CB-1852-4BF2-AC39-A92E2EAAB9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:6.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "804F2D2F-9A4A-4179-B774-14B7B293C6F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:6.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "DC11C2B1-EB71-4D19-A592-99452D4E5285",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:6.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8AAE3FEE-A2F1-41C8-9C38-ECA9B3203B44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana:6.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "335B93D1-893F-494A-8F0D-176585DDD53A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto que la correcci\u00f3n de Kibana para CVE-2017-8451 est\u00e1 incompleta. Con X-Pack instalado, las versiones anteriores a la 6.0.1 y 5.6.5 de Kibana tienen una vulnerabilidad de redirecci\u00f3n abierta en la p\u00e1gina de inicio de sesi\u00f3n que podr\u00edan permitir que un atacante cree un enlace que redirija a un sitio web arbitrario."
    }
  ],
  "id": "CVE-2017-11482",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-08T18:29:00.273",
  "references": [
    {
      "source": "security@elastic.co",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571"
    }
  ],
  "sourceIdentifier": "security@elastic.co",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "security@elastic.co",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2017-11482

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-11482

Aliases

CVE-2017-11482

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-11482",
    "description": "The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.",
    "id": "GSD-2017-11482"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-11482"
      ],
      "details": "The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.",
      "id": "GSD-2017-11482",
      "modified": "2023-12-13T01:21:15.939302Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@elastic.co",
        "ID": "CVE-2017-11482",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Kibana",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "before 6.0.1 and 5.6.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Elastic"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571",
            "refsource": "CONFIRM",
            "url": "https://discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:elastic:kibana:5.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:elastic:kibana:5.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:elastic:kibana:5.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:elastic:kibana:6.0.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:elastic:kibana:6.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:elastic:kibana:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:elastic:kibana:6.0.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:elastic:kibana:6.0.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:elastic:kibana:6.0.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:elastic:kibana:5.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:elastic:kibana:5.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:elastic:kibana:6.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@elastic.co",
          "ID": "CVE-2017-11482"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-601"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2020-08-14T17:30Z",
      "publishedDate": "2017-12-08T18:29Z"
    }
  }
}

ghsa-28c3-wp2j-prjr

Vulnerability from github

Published

2022-05-13 01:23

Modified

2022-05-13 01:23

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-11482"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-601"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-08T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.",
  "id": "GHSA-28c3-wp2j-prjr",
  "modified": "2022-05-13T01:23:29Z",
  "published": "2022-05-13T01:23:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11482"
    },
    {
      "type": "WEB",
      "url": "https://discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-11482 (GCVE-0-2017-11482)

Vulnerability from cvelistv5

cnvd-2018-00861

Vulnerability from cnvd

fkie_cve-2017-11482

Vulnerability from fkie_nvd

gsd-2017-11482

Vulnerability from gsd

ghsa-28c3-wp2j-prjr

Vulnerability from github

Tags

Sightings

Nomenclature