
Elastic Kibana 4.0 <= 4.6 / 5.0 <= 5.6.12 / 6.0 <= 6.4.2 Credential Exposure Vulnerability (Windows) CVE-2018-17245

Severity

CVSSv3 Score: 9.8

Vulnerability description

Kibana is prone to an information disclosure vulnerability.

Risk description

Affected versions of Kibana contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources, plaintext credentials are included in the HTTP request and could be recovered by an external resource provider. Successful exploitation would allow an attacker to obtain user authentication credentials (i.e., Kibana username and password in reversible hashed format).

Recommendation

Update to version 5.6.13 or 6.4.3, respectively.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Dec 20, 2018
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available