CVE-2017-8443 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-8443 Interim 1 5 2022-09-18T00:49:43Z current 2021-05-30T13:56:16Z 2022-09-18T00:49:43Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-8443 In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in the URL bar. The credentials could then be viewed by untrusted parties or logged into the Kibana access logs. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE OpenStack Cloud 7 kibana kibana as a component of SUSE OpenStack Cloud 7 In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in the URL bar. The credentials could then be viewed by untrusted parties or logged into the Kibana access logs. CVE-2017-8443 SUSE OpenStack Cloud 7:kibana moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N