CVE-2016-1000219
First published: Fri Jun 16 2017(Updated: )
Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Elastic | >=4.1.0<4.1.11 | |
| Elastic | >=4.5.0<4.5.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2016-1000219?
CVE-2016-1000219 is considered a moderate severity vulnerability due to the potential for session hijacking.
How do I fix CVE-2016-1000219?
To fix CVE-2016-1000219, upgrade to Kibana version 4.5.4 or 4.1.11 or later.
What software versions are affected by CVE-2016-1000219?
Kibana versions prior to 4.5.4 and 4.1.11 are affected by CVE-2016-1000219.
What type of information could be exposed due to CVE-2016-1000219?
Due to CVE-2016-1000219, cookies and authorization headers could be written to log files, potentially exposing them to unauthorized users.
Is CVE-2016-1000219 exploitable remotely?
CVE-2016-1000219 is potentially exploitable remotely if Kibana is configured behind a vulnerable authentication mechanism.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/elastic
- canonical/elastic
- version/elastic/4.1.0
- version/elastic/4.5.0