VYPR
High severity7.5OSV Advisory· Published Jun 16, 2017· Updated Jun 17, 2026

CVE-2016-1000219

CVE-2016-1000219

Description

Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Elastic/KibanaOSV2 versions
    v4.1.0, v4.1.1, v4.1.10, …+ 1 more
    • (no CPE)range: v4.1.0, v4.1.1, v4.1.10, …
    • cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*range: >=4.1.0,<4.1.11
  • Kibana/Kibanallm-fuzzy
    Range: <4.5.4 and <4.1.11

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.