Medium severity6.1NVD Advisory· Published Sep 29, 2017· Updated May 13, 2026

CVE-2017-11479

Description

Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Affected products

Elastic/Kibana21 versions
cpe:2.3:a:elastic:kibana:5.0.0:*:*:*:*:*:*:*+ 20 more
- cpe:2.3:a:elastic:kibana:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.6.0:*:*:*:*:*:*:*
Elasticsearch/Kibana
cpe:2.3:a:elasticsearch:kibana:5.1.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884nvdIssue TrackingVendor Advisory
www.openwall.com/lists/oss-security/2019/10/24/1nvd
www.openwall.com/lists/oss-security/2019/10/29/3nvd

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000