// For flags

CVE-2017-11482

 

Severity Score

6.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.

Se ha descubierto que la corrección de Kibana para CVE-2017-8451 está incompleta. Con X-Pack instalado, las versiones anteriores a la 6.0.1 y 5.6.5 de Kibana tienen una vulnerabilidad de redirección abierta en la página de inicio de sesión que podrían permitir que un atacante cree un enlace que redirija a un sitio web arbitrario.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-07-20 CVE Reserved
  • 2017-12-08 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-08-20 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Elastic
Search vendor "Elastic"
Kibana
Search vendor "Elastic" for product "Kibana"
5.6.0
Search vendor "Elastic" for product "Kibana" and version "5.6.0"
-
Affected
Elastic
Search vendor "Elastic"
Kibana
Search vendor "Elastic" for product "Kibana"
5.6.1
Search vendor "Elastic" for product "Kibana" and version "5.6.1"
-
Affected
Elastic
Search vendor "Elastic"
Kibana
Search vendor "Elastic" for product "Kibana"
5.6.2
Search vendor "Elastic" for product "Kibana" and version "5.6.2"
-
Affected
Elastic
Search vendor "Elastic"
Kibana
Search vendor "Elastic" for product "Kibana"
5.6.3
Search vendor "Elastic" for product "Kibana" and version "5.6.3"
-
Affected
Elastic
Search vendor "Elastic"
Kibana
Search vendor "Elastic" for product "Kibana"
5.6.4
Search vendor "Elastic" for product "Kibana" and version "5.6.4"
-
Affected
Elastic
Search vendor "Elastic"
Kibana
Search vendor "Elastic" for product "Kibana"
6.0.0
Search vendor "Elastic" for product "Kibana" and version "6.0.0"
-
Affected
Elastic
Search vendor "Elastic"
Kibana
Search vendor "Elastic" for product "Kibana"
6.0.0
Search vendor "Elastic" for product "Kibana" and version "6.0.0"
alpha1
Affected
Elastic
Search vendor "Elastic"
Kibana
Search vendor "Elastic" for product "Kibana"
6.0.0
Search vendor "Elastic" for product "Kibana" and version "6.0.0"
alpha2
Affected
Elastic
Search vendor "Elastic"
Kibana
Search vendor "Elastic" for product "Kibana"
6.0.0
Search vendor "Elastic" for product "Kibana" and version "6.0.0"
beta1
Affected
Elastic
Search vendor "Elastic"
Kibana
Search vendor "Elastic" for product "Kibana"
6.0.0
Search vendor "Elastic" for product "Kibana" and version "6.0.0"
beta2
Affected
Elastic
Search vendor "Elastic"
Kibana
Search vendor "Elastic" for product "Kibana"
6.0.0
Search vendor "Elastic" for product "Kibana" and version "6.0.0"
rc1
Affected
Elastic
Search vendor "Elastic"
Kibana
Search vendor "Elastic" for product "Kibana"
6.0.0
Search vendor "Elastic" for product "Kibana" and version "6.0.0"
rc2
Affected