Homepage
About Snyk

Open Redirect Affecting kibana package, versions >=5.1.1 <5.6.7 >=6.0.0 <6.1.3

Severity

 Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    EPSS
    0.08% (36th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID npm:kibana:20180130-2
  • published 1 Mar 2018
  • disclosed 29 Jan 2018
  • credit Unknown
Report a new vulnerability Found a mistake?

Introduced: 29 Jan 2018

CVE-2018-3819 Open this link in a new tab
CWE-601 Open this link in a new tab

How to fix?

Upgrade kibana to version 5.6.7, 6.1.3 or higher.

Overview

kibana is Kibana is an open source (Apache Licensed), browser based analytics and search dashboard for Elasticsearch. Kibana is a snap to setup and start using. Kibana strives to be easy to get started with, while also being flexible and powerful, just like Elastic.

Affected versions of the package are vulnerable to Open Redirect the login page that would enable an attacker to craft a link that redirects to an arbitrary website.

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
6.1 medium
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    Required
  • Scope (S)
    Changed
  • Confidentiality (C)
    Low
  • Integrity (I)
    Low
  • Availability (A)
    None