With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.elastic.co/community/security |
History
No history.
MITRE
Status: PUBLISHED
Assigner: elastic
Published: 2017-06-16T21:00:00
Updated: 2024-08-06T03:21:50.862Z
Reserved: 2017-05-02T00:00:00
Link: CVE-2016-10364
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-06-16T21:29:00.477
Modified: 2024-11-21T02:43:51.327
Link: CVE-2016-10364
Redhat
No data.