CVE-2019-13422
23.08.2019, 14:15
Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login.
| Vendor | Product | Version |
|---|---|---|
| search-guard | search_guard | 𝑥 < 5.6.8-7 |
| search-guard | search_guard | 6.1.0-8 ≤ 𝑥 < 6.2.3-12 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.