1747478 – (CVE-2019-13422) CVE-2019-13422 search-guard-kibana-plugin: Malicious redirection upon login

Bug 1747478 (CVE-2019-13422) - CVE-2019-13422 search-guard-kibana-plugin: Malicious redirection upon login

Summary: CVE-2019-13422 search-guard-kibana-plugin: Malicious redirection upon login

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2019-13422
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1747487
TreeView+	depends on / blocked

Reported:	2019-08-30 14:19 UTC by Pedro Sampaio
Modified:	2020-03-18 04:49 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2019-10-31 06:51:12 UTC
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2019-08-30 14:19:49 UTC

Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login.

References:

https://docs.search-guard.com/6.x-25/changelog-kibana-6.x-12
https://search-guard.com/cve-advisory/

Comment 1 Jason Shepherd 2019-10-31 01:40:09 UTC

The Search Guard Kibana plugin is not installed in OpenShift Container Platform 3.x, or 4.x.

Comment 2 Product Security DevOps Team 2019-10-31 06:51:12 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-13422

Note You need to log in before you can comment on or make changes to this bug.