Incomplete Fix for Open Redirect Vulnerability in Kibana Versions 6.0.1 and 5.6.5
CVE-2017-11482 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:N
The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.
Learn more about our Web App Pen Testing.