===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2015.0109
      A cross-site request forgery vulnerability has been fixed in
                          Kibana 4.2.1 and 4.1.3
                             20 November 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Elastic Kibana
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Cross-site Request Forgery -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2015-8131
Member content until: Sunday, December 20 2015

OVERVIEW

        A cross site request forgery vulnerability has been found in Kibana
        prior to versions 4.2.1 and 4.1.3.

IMPACT

        Elastic has provided the following information on the vulnerability:

        CVE-2015-8131
        "Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a CSRF
        attack." [1]

MITIGATION

        The vendor recommends updating to 4.2.1 and 4.1.3. [1][2]

REFERENCES

        [1] Security Issues
            https://www.elastic.co/community/security

        [2] Kibana 4.2.1 and 4.1.3 released
            https://www.elastic.co/blog/kibana-4-2-1-and-4-1-3

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
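
A version triage against the fix levels named in this bulletin, as an added example that is not part of the AusCERT bulletin or Elastic's code. The inventory, hostnames and function names are constructed; treating a pre-release build of a fixed version as affected, and branches after 4.2 as fixed, are assumptions.

```python
import re

# Fixed releases named in the bulletin, one per branch.
FIXED = {(4, 1): (4, 1, 3), (4, 2): (4, 2, 1)}
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$")


def parse_version(text):
    """Return ((major, minor, patch), is_prerelease); raise ValueError if unparseable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4) is not None


def is_affected(text):
    """True if this Kibana version predates the CVE-2015-8131 fix."""
    release, prerelease = parse_version(text)
    branch = release[:2]
    if branch in FIXED:
        fixed = FIXED[branch]
        # Assumption: a pre-release build of the fixed version may predate the fix.
        return release < fixed or (release == fixed and prerelease)
    # Older branches are "prior to 4.1.3"; branches after 4.2 are assumed fixed.
    return branch < (4, 1)


def triage(inventory):
    """Map each host in a {host: version} dict to affected / fixed / unknown."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "fixed"
        except ValueError:
            result[host] = "unknown"  # surface unparseable entries for manual review
    return result


# Constructed inventory: hostnames and versions are sample data.
SAMPLE_INVENTORY = {
    "kibana-a": "4.1.2", "kibana-b": "4.1.10", "kibana-c": "4.2.0",
    "kibana-d": "4.2.1", "kibana-e": "4.0.3", "kibana-f": "4.2.0-beta2",
    "kibana-g": "unknown-build",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> {status}")
```

Versions are compared as integer tuples, so 4.1.10 sorts after 4.1.3, and the per-branch table keeps 4.1.3 from being flagged merely because it is lower than 4.2.1.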