With X-Pack installed, Kibana versions 5.0.0 and 5.0.1...
Moderate severity
Unreviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Apr 20, 2025
Description
Published by the National Vulnerability Database
Jun 16, 2017
Published to the GitHub Advisory Database
May 13, 2022
Last updated
Apr 20, 2025
With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions.
References