Authentication Bypass Vulnerability in Kibana 5.0.0 and 5.0.1 with X-Pack

Authentication Bypass Vulnerability in Kibana 5.0.0 and 5.0.1 with X-Pack

CVE-2016-10364 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions.

Learn more about our User Device Pen Test.