CVE-2016-1000219

{"id": "CVE-2016-1000219", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-06-16T21:29:00.273", "references": [{"url": "http://www.securityfocus.com/bid/99178", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.elastic.co/community/security", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/99178", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.elastic.co/community/security", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-285"}]}], "descriptions": [{"lang": "en", "value": "Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield."}, {"lang": "es", "value": "Kibana en versiones anteriores a 4.5.4 y 4.1.11 cuando se configura una salida personalizada para iniciar sesi\u00f3n, las cookies y los encabezados de autorizaci\u00f3n podr\u00edan escribirse en los archivos de registro. Esta informaci\u00f3n podr\u00eda ser utilizada para secuestrar sesiones de otros usuarios cuando se utiliza Kibana bajo alguna forma de autenticaci\u00f3n como Shield."}], "lastModified": "2024-11-21T02:43:00.737", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F353A236-9768-4194-A97B-127598AC0640", "versionEndExcluding": "4.1.11", "versionStartIncluding": "4.1.0"}, {"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC33151C-DAC0-4627-B6F4-2EE1C6E18892", "versionEndExcluding": "4.5.4", "versionStartIncluding": "4.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}