CVE-2017-8440

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-8440

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-8440.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-8440

Published

2017-06-05T14:29:00.357Z

Modified

2026-05-18T09:31:33.434175Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type

GIT

Repo

https://github.com/elastic/elasticsearch

Events

Introduced

Last affected

3adb13b1f49935973b974a2517caa0d4d59bf4d0

Last affected

5f9cf58c67cb067ef3565862d18d2f6ad05a9a2f

Last affected

30681957d1234e849701b76d37c08c374252abe0

Last affected

780f8c429c5b945035c887ec93a64579cc1d0f20

Database specific

{
    "source": "CPE_FIELD",
    "cpe": [
        "cpe:2.3:a:elastic:kibana:5.3.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:kibana:5.3.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:kibana:5.3.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:kibana:5.4.0:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.3.0"
        },
        {
            "last_affected": "5.3.1"
        },
        {
            "last_affected": "5.3.2"
        },
        {
            "last_affected": "5.4.0"
        }
    ]
}

Affected versions

v0.*

v0.10.0

v0.11.0

v0.12.0

v0.13.0

v0.14.0

v0.15.0

v0.16.0

v0.17.0

v0.18.0

v0.19.0

v0.19.0.RC1

v0.19.0.RC2

v0.19.0.RC3

v0.20.0.RC1

v0.4.0

v0.5.0

v0.5.1

v0.6.0

v0.7.0

v0.7.1

v0.8.0

v0.9.0

v0.90.0

v0.90.0.Beta1

v0.90.0.RC1

v0.90.0.RC2

v1.*

v1.0.0.Beta1

v1.0.0.Beta2

v1.0.0.RC1

v5.*

v5.0.0-alpha5

v5.3.0

v5.3.1

v5.3.2

v5.4.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-8440.json"

Git / github.com/elastic/kibana

Affected ranges

Type

GIT

Repo

https://github.com/elastic/kibana

Events

Introduced

Last affected

ce7908cdac87af1e3b02ac4038fc3985602cf95a

Last affected

b7417c4d48eb56df8d5448a2eea14dd56356c28a

Last affected

6c330d3c77b0af1c5a29302e0a7a45f33fcb6869

Last affected

75afc9fbb024df55fa01acd1a4c2f76d44961746

Database specific

{
    "source": "CPE_FIELD",
    "cpe": [
        "cpe:2.3:a:elastic:kibana:5.3.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:kibana:5.3.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:kibana:5.3.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:kibana:5.4.0:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.3.0"
        },
        {
            "last_affected": "5.3.1"
        },
        {
            "last_affected": "5.3.2"
        },
        {
            "last_affected": "5.4.0"
        }
    ]
}

Affected versions

v4.*

v4.0.0-beta1

v4.0.0-beta1.1

v4.0.0-beta2

v4.0.0-beta3

v4.2.0-beta1

v5.*

v5.0.0-alpha5

v5.3.0

v5.3.1

v5.3.2

v5.4.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-8440.json"