With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions.
References
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: elastic

Published: 2017-06-16T21:00:00

Updated: 2024-08-06T03:21:50.862Z

Reserved: 2017-05-02T00:00:00

Link: CVE-2016-10364

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-06-16T21:29:00.477

Modified: 2024-11-21T02:43:51.327

Link: CVE-2016-10364

cve-icon Redhat

No data.