Kibana Cross Site Request Forgery

2015.11.20

Credit: Kevin Kluge

Risk: Low

Local: No

Remote: Yes

CVE: CVE 2015-8131

CWE: CWE-352

Description:

Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a CSRF attack.  

We have been assigned CVE 2015-8131for this issue.

CVSS Score: 4.0

Remediation:

We recommend that all Kibana users upgrade to either 4.1.3,  4.2.1, or a later version. 

Confirmation:

We have published a vulnerability summary at https://www.elastic.co/community/security.  

We have also made a blog post about the issue and releases at https://www.elastic.co/blog/kibana-4-2-1-and-4-1-3.

References:

https://www.elastic.co/blog/kibana-4-2-1-and-4-1-3

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Kibana Cross Site Request Forgery

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.