vulnerability

Elastic Kibana: CVE-2017-8443: Use of GET Request Method With Sensitive Query Strings

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:P/I:N/A:N)	Jun 30, 2017	Sep 3, 2025	Sep 3, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

Jun 30, 2017

Added

Sep 3, 2025

Modified

Sep 3, 2025

Description

In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in the URL bar. The credentials could then be viewed by untrusted parties or logged into the Kibana access logs.

Solution

elastic-kibana-upgrade-latest

References

CWE-598
CWE-200
CVE-2017-8443
https://attackerkb.com/topics/CVE-2017-8443
URL-https://www.elastic.co/community/security

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today