CVE-2016-10364

CVE-2016-10364

Vendor Elastic
Product Elastic X-Pack Security
Weakness CWE-306 · Missing auth
Published June 16, 2017
Last update August 6, 2024

CVSS base score

What the vulnerability does

01Description

With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions.

Key dates

02Disclosure timeline

June 16, 2017 CVE published
August 6, 2024 Record updated