cvedb.io
CVE-2016-1000219
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2017-06-16T21:29:00.273 · Last modified 2026-06-17T00:38:47.967

Summary

Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.

Affected products

elastic — kibana

Does this affect you?

Add your gear to cvedb and we'll alert you only when elastic ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.