FKIE_CVE-2019-13423
Vulnerability from fkie_nvd - Published: 2019-08-23 14:15 - Updated: 2024-11-21 04:24
Summary
Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue where an authenticated Kibana user could impersonate the kibanaserver user when providing wrong credentials, if all of the following conditions a-c are true:
a) Kibana is configured to use Single Sign-On as the authentication method, one of Kerberos, JWT, Proxy, Client certificate.
b) The kibanaserver user is configured to use HTTP Basic as the authentication method.
c) Search Guard is configured to use an SSO authentication domain and HTTP Basic at the same time.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| search-guard | search_guard | * |
| search-guard | search_guard | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:search-guard:search_guard:*:*:*:*:*:kibana:*:*",
"matchCriteriaId": "902DAA8C-944C-4A60-AC8E-EA16E5E8D49F",
"versionEndExcluding": "5.6.8-7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:search-guard:search_guard:*:*:*:*:*:kibana:*:*",
"matchCriteriaId": "14FB43F9-4F47-467A-A83E-A6B99D8E1768",
"versionEndExcluding": "6.2.3-12",
"versionStartIncluding": "6.1.0-8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a) Kibana is configured to use Single-Sign-On as authentication method, one of Kerberos, JWT, Proxy, Client certificate. b) The kibanaserver user is configured to use HTTP Basic as the authentication method. c) Search Guard is configured to use an SSO authentication domain and HTTP Basic at the same time"
},
{
"lang": "es",
"value": "Las versiones de Search Guard Kibana Plugin anteriores a 5.6.8-7 y anteriores a 6.xy-12 ten\u00edan el problema de que un usuario autenticado de Kibana pod\u00eda hacerse pasar por usuario de kibanaserver al proporcionar credenciales incorrectas cuando todas las siguientes condiciones ac son verdaderas: a) Kibana est\u00e1 configurado utilizar Single-Sign-On como m\u00e9todo de autenticaci\u00f3n, uno de Kerberos, JWT, Proxy, Certificado de cliente. b) El usuario de kibanaserver est\u00e1 configurado para usar HTTP Basic como m\u00e9todo de autenticaci\u00f3n. c) Search Guard est\u00e1 configurado para usar un dominio de autenticaci\u00f3n SSO y HTTP Basic al mismo tiempo"
}
],
"id": "CVE-2019-13423",
"lastModified": "2024-11-21T04:24:54.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-23T14:15:11.607",
"references": [
{
"source": "security@search-guard.com",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.search-guard.com/6.x-25/changelog-kibana-6.x-12"
},
{
"source": "security@search-guard.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search-guard.com/cve-advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.search-guard.com/6.x-25/changelog-kibana-6.x-12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search-guard.com/cve-advisory/"
}
],
"sourceIdentifier": "security@search-guard.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "security@search-guard.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}