Medium severity6.1NVD Advisory· Published Dec 8, 2017· Updated May 13, 2026
CVE-2017-11482
CVE-2017-11482
Description
The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.
Affected products
13before 6.0.1 and 5.6.5+ 12 more
- (no CPE)range: before 6.0.1 and 5.6.5
- cpe:2.3:a:elastic:kibana:6.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:6.0.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:6.0.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:6.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:6.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:6.0.0:rc2:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571nvdVendor Advisory
News mentions
0No linked articles in our index yet.