Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2016-10364

With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions.

  • Published: Jun 16, 2017
  • Updated: Apr 13, 2023
  • CVE: CVE-2016-10364
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 4
  • AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

Software From Fixed in
elastic / kibana 5.0.1 5.0.1.x
elastic / kibana 5.0.0 5.0.0.x