What the vulnerability does

01 Description

Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources, plaintext credentials are included in the HTTP request, where they could be recovered by an external resource provider.

Key dates

02 Disclosure timeline

December 20, 2018 CVE published
August 5, 2024 Record updated