Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2016-1000219

Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2016-1000219
  • Elastic » Kibana » Version: 4.1.0
    cpe:2.3:a:elastic:kibana:4.1.0
  • Elastic » Kibana » Version: 4.1.1
    cpe:2.3:a:elastic:kibana:4.1.1
  • Elastic » Kibana » Version: 4.1.10
    cpe:2.3:a:elastic:kibana:4.1.10
  • Elastic » Kibana » Version: 4.1.2
    cpe:2.3:a:elastic:kibana:4.1.2
  • Elastic » Kibana » Version: 4.1.3
    cpe:2.3:a:elastic:kibana:4.1.3
  • Elastic » Kibana » Version: 4.1.4
    cpe:2.3:a:elastic:kibana:4.1.4
  • Elastic » Kibana » Version: 4.1.5
    cpe:2.3:a:elastic:kibana:4.1.5
  • Elastic » Kibana » Version: 4.1.6
    cpe:2.3:a:elastic:kibana:4.1.6
  • Elastic » Kibana » Version: 4.1.7
    cpe:2.3:a:elastic:kibana:4.1.7
  • Elastic » Kibana » Version: 4.1.8
    cpe:2.3:a:elastic:kibana:4.1.8
  • Elastic » Kibana » Version: 4.1.9
    cpe:2.3:a:elastic:kibana:4.1.9
  • Elastic » Kibana » Version: 4.5.0
    cpe:2.3:a:elastic:kibana:4.5.0
  • Elastic » Kibana » Version: 4.5.1
    cpe:2.3:a:elastic:kibana:4.5.1
  • Elastic » Kibana » Version: 4.5.2
    cpe:2.3:a:elastic:kibana:4.5.2
  • Elastic » Kibana » Version: 4.5.3
    cpe:2.3:a:elastic:kibana:4.5.3


Products
Pricing
Contact Us

Shodan ® - All rights reserved