CVE-2018-20698
MEDIUMSearch Guard < 6.3.0-16 - Open Redirect via Login Page BasePath Parameter
Title source: llmDescription
The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://docs.search-guard.com/latest/changelog-kibana-6.x-16
Third Party Advisory x_refsource_confirm
https://github.com/floragunncom/search-guard-kibana-plugin/pull/140
Scores
CVSS v3
6.1
EPSS
0.0080
EPSS Percentile
51.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (1)
search-guard/search_guard
< 6.3.0-16
Published
Apr 09, 2019
Tracked Since
Feb 18, 2026