CVE-2017-11481

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-11481
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-11481.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-11481
Downstream
Related
Published
2017-12-08T18:29:00.240Z
Modified
2026-04-11T15:15:31.697281Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

References

Affected packages

Git / github.com/elastic/kibana

Affected ranges

Type
GIT
Repo
https://github.com/elastic/kibana
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
12d17c6d111705f0c0c29fbab66eb22eda31dcdf
Last affected
d1e7b4cfb06c4d9156fb1e691853b36ff5801d57
Last affected
864b8719e2814b7667d5831c415a79026d78ea9f
Last affected
f363a8fe7aeeb6a535e0bb43b3b1916f26ab3732
Last affected
efd2403e605c9f695a87929083421ba09f3ac54e
Last affected
f8bc449f5a6b28d0597730b1cf03fefe7e33422e
Last affected
815b082799cc42b0a66d52689d901525b5e6f182
Last affected
b7f519704ae0d25f085e3278198e2abec1d9ef6e
Last affected
e5b6450423e5b179eb85810b997dd3fd0c8c7ddb
Last affected
3cb25ad0b62e8b085f4fabf2af7efca03124c1b9
Last affected
04485d7d34cc0e94f58146577892fb2c4a6e7f56
Last affected
0766ab238177e366236f3cdf34b19b6c5ffaf837
Database specific 
{
    "cpe": [
        "cpe:2.3:a:elastic:kibana:5.6.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:kibana:5.6.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:kibana:5.6.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:kibana:5.6.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:kibana:5.6.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:kibana:6.0.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:kibana:6.0.0:alpha1:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:kibana:6.0.0:alpha2:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:kibana:6.0.0:beta1:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:kibana:6.0.0:beta2:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:kibana:6.0.0:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:kibana:6.0.0:rc2:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.6.0"
        },
        {
            "last_affected": "5.6.1"
        },
        {
            "last_affected": "5.6.2"
        },
        {
            "last_affected": "5.6.3"
        },
        {
            "last_affected": "5.6.4"
        },
        {
            "last_affected": "6.0.0"
        },
        {
            "last_affected": "6.0.0-alpha1"
        },
        {
            "last_affected": "6.0.0-alpha2"
        },
        {
            "last_affected": "6.0.0-beta1"
        },
        {
            "last_affected": "6.0.0-beta2"
        },
        {
            "last_affected": "6.0.0-rc1"
        },
        {
            "last_affected": "6.0.0-rc2"
        }
    ],
    "source": "CPE_FIELD"
}

Affected versions

v4.*
v4.0.0-beta1
v4.0.0-beta1.1
v4.0.0-beta2
v4.0.0-beta3
v4.2.0-beta1
v5.*
v5.0.0-alpha5
v5.6.0
v5.6.1
v5.6.2
v5.6.3
v5.6.4
v6.*
v6.0.0
v6.0.0-alpha1
v6.0.0-alpha2
v6.0.0-beta1
v6.0.0-beta2
v6.0.0-rc1
v6.0.0-rc2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-11481.json"