Incomplete Fix for Open Redirect Vulnerability in Kibana Versions Before 6.0.1 and 5.6.5

CVE-2017-11482 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.