WARNING: Version 5.6 of Kibana has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
- Kibana cross site scripting issue (ESA-2017-22): Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. CVE ID: CVE-2017-11481
- Kibana open redirect flaw (ESA-2017-23) : The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. CVE ID: CVE-2017-11482
Users should upgrade to Kibana version 6.0.1 or 5.6.5. There are no known workarounds for these issues.