CVE-2017-8443

medium
Published 2017-06-30 · Modified 2026-05-13
CVSS v3
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS v2
4.3
VIR risk
6.5

Description

In Kibana X-Pack security versions prior to 5.4.3, if a Kibana user opens a crafted Kibana URL, the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in the URL bar. The credentials could then be viewed by untrusted parties or logged in the Kibana access logs.

Predictions

Exploit likelihood
75%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2017-8443.html

vendor Authored 2026-05-27

Vendor advisory: security@elastic.co — https://www.elastic.co/community/security

OS impact

OS | Version | Status | Fixed in
suse sles | - | affected | -

Application impact

Vendor | Product | Versions | Fixed
elastic | kibana | {"endIncluding":"5.4.2"} | -

References

CWEs

CWE-598 CWE-200
