{"id":"CVE-2017-11479","details":"Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.","modified":"2026-04-11T15:15:30.497184Z","published":"2017-09-29T01:34:48.530Z","references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/10/24/1"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/10/29/3"},{"type":"REPORT","url":"https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/elastic/kibana","events":[{"introduced":"0"},{"last_affected":"c5af7a418333df6a934b8d1a5648c675641388bd"},{"last_affected":"2ee15d7ceb10d52bef0e5ee58d3f9c5a238cb786"},{"last_affected":"8f2ace746d1b84702bb618308efa65dc0c3f8a34"},{"last_affected":"85a6f4da184835398a4dea748d15cfffa527aa22"},{"last_affected":"ed55995668f95ce28fe5dad55ab4a0da67d2a7b6"},{"last_affected":"9b0119b706e53fbd67b447381fe80f71b9996893"},{"last_affected":"03953ddae5c505842cc39d2df349b7e35f30ee5b"},{"last_affected":"6538112a1d244727704f4f11d152113a5133e871"},{"last_affected":"ce7908cdac87af1e3b02ac4038fc3985602cf95a"},{"last_affected":"b7417c4d48eb56df8d5448a2eea14dd56356c28a"},{"last_affected":"6c330d3c77b0af1c5a29302e0a7a45f33fcb6869"},{"last_affected":"366c5375afb5eaae6b609dae1c22829ee1344c61"},{"last_affected":"75afc9fbb024df55fa01acd1a4c2f76d44961746"},{"last_affected":"725943bf9e3ca6f5e7d286ded25b0207fc68caaa"},{"last_affected":"5aaf7ebf6cd3398b2ba6076d4e4e7e070e19a5a3"},{"last_affected":"0c83527f76c8338a1ab83a30b42e2a46cadf74da"},{"last_affected":"e1950ab7d0686b3a01caa0899faf4bf5a5e4904c"},{"last_affected":"32ff80dbccdff23911015425bfaf4ae32ea0c0c1"},{"last_affected":"3352f60107f55921ad4761fa1f77d67a0315e6ad"},{"last_affected":"c0415be9336be790801e88b92c967e1958c9fd10"},{"last_affected":"12d17c6d111705f0c0c29fbab66eb22eda31dcdf"},{"last_affected":"476a0517b92038a4b719458c10666c62e4bb2c55"}],"database_specific":{"cpe":["cpe:2.3:a:elastic:kibana:5.0.0:*:*:*:*:*:*:*","cpe:2.3:a:elastic:kibana:5.0.1:*:*:*:*:*:*:*","cpe:2.3:a:elastic:kibana:5.0.2:*:*:*:*:*:*:*","cpe:2.3:a:elastic:kibana:5.1.1:*:*:*:*:*:*:*","cpe:2.3:a:elastic:kibana:5.1.2:*:*:*:*:*:*:*","cpe:2.3:a:elastic:kibana:5.2.0:*:*:*:*:*:*:*","cpe:2.3:a:elastic:kibana:5.2.1:*:*:*:*:*:*:*","cpe:2.3:a:elastic:kibana:5.2.2:*:*:*:*:*:*:*","cpe:2.3:a:elastic:kibana:5.3.0:*:*:*:*:*:*:*","cpe:2.3:a:elastic:kibana:5.3.1:*:*:*:*:*:*:*","cpe:2.3:a:elastic:kibana:5.3.2:*:*:*:*:*:*:*","cpe:2.3:a:elastic:kibana:5.3.3:*:*:*:*:*:*:*","cpe:2.3:a:elastic:kibana:5.4.0:*:*:*:*:*:*:*","cpe:2.3:a:elastic:kibana:5.4.1:*:*:*:*:*:*:*","cpe:2.3:a:elastic:kibana:5.4.2:*:*:*:*:*:*:*","cpe:2.3:a:elastic:kibana:5.4.3:*:*:*:*:*:*:*","cpe:2.3:a:elastic:kibana:5.5.0:*:*:*:*:*:*:*","cpe:2.3:a:elastic:kibana:5.5.1:*:*:*:*:*:*:*","cpe:2.3:a:elastic:kibana:5.5.2:*:*:*:*:*:*:*","cpe:2.3:a:elastic:kibana:5.5.3:*:*:*:*:*:*:*","cpe:2.3:a:elastic:kibana:5.6.0:*:*:*:*:*:*:*","cpe:2.3:a:elasticsearch:kibana:5.1.0:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"0"},{"last_affected":"5.0.0"},{"last_affected":"5.0.1"},{"last_affected":"5.0.2"},{"last_affected":"5.1.1"},{"last_affected":"5.1.2"},{"last_affected":"5.2.0"},{"last_affected":"5.2.1"},{"last_affected":"5.2.2"},{"last_affected":"5.3.0"},{"last_affected":"5.3.1"},{"last_affected":"5.3.2"},{"last_affected":"5.3.3"},{"last_affected":"5.4.0"},{"last_affected":"5.4.1"},{"last_affected":"5.4.2"},{"last_affected":"5.4.3"},{"last_affected":"5.5.0"},{"last_affected":"5.5.1"},{"last_affected":"5.5.2"},{"last_affected":"5.5.3"},{"last_affected":"5.6.0"},{"last_affected":"5.1.0"}],"source":"CPE_FIELD"}}],"versions":["v0.0.10","v0.0.4","v0.0.5","v0.0.6","v0.0.7","v0.0.9","v0.1.0","v0.1.1","v0.2.0","v0.2.1","v0.2.2","v0.2.3","v1.0.1","v1.2.1","v1.2.2","v1.3.0","v1.4.0","v1.4.1","v2.0.0","v2.1.1","v2.2.0","v3.0.2","v3.0.3","v4.0.0-beta1","v4.0.0-beta1.1","v4.0.0-beta2","v4.0.0-beta3","v4.2.0-beta1","v4.2.3","v4.5.5","v4.7.0","v4.7.1","v4.7.2","v4.8.0","v4.9.0","v5.0.0","v5.0.0-alpha5","v5.0.0-beta1","v5.0.0-rc1","v5.0.1","v5.0.2","v5.1.0","v5.1.1","v5.1.2","v5.2.0","v5.2.1","v5.2.2","v5.3.0","v5.3.1","v5.3.2","v5.3.3","v5.4.0","v5.4.1","v5.4.2","v5.4.3","v5.5.0","v5.5.1","v5.5.2","v5.5.3","v5.6.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-11479.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}