vulnerability

Elastic Kibana: CVE-2016-10364: Missing Authentication for Critical Function

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	Jun 16, 2017	Sep 3, 2025	Sep 3, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Jun 16, 2017

Added

Sep 3, 2025

Modified

Sep 3, 2025

Description

With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions.

Solution

elastic-kibana-upgrade-latest

References

CWE-306
CVE-2016-10364
https://attackerkb.com/topics/CVE-2016-10364
URL-https://www.elastic.co/community/security

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today