VYPR

Search Guard Kibana Plugin

by Floragunn

CVEs (3)

  • CVE-2019-13423HigAug 23, 2019
    risk 0.57cvss 8.8epss 0.01

    Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a) Kibana is configured to use…

  • CVE-2019-13422MedAug 23, 2019
    risk 0.40cvss 6.1epss 0.01

    Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login.

  • CVE-2018-20698MedApr 9, 2019
    risk 0.40cvss 6.1epss 0.01

    The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set.