vulnerability

Elastic Kibana: CVE-2016-1000219: Improper Authorization

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Jun 16, 2017	Sep 3, 2025	Sep 3, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Jun 16, 2017

Added

Sep 3, 2025

Modified

Sep 3, 2025

Description

Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.

Solution

elastic-kibana-upgrade-latest

References

CWE-285
CVE-2016-100021
https://attackerkb.com/topics/CVE-2016-100021
URL-http://www.securityfocus.com/bid/99178
URL-https://www.elastic.co/community/security

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today