CVE-2017-8443

MEDIUM Year: 2017
CVSS v3 Score
6.5
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-598
View all →

Vulnerability Description

In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in the URL bar. The credentials could then be viewed by untrusted parties or logged into the Kibana access logs.

Related Vulnerabilities

CVE-2018-5467

MEDIUM
CVSS:6.5(Medium)

An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An informat...

CWE-5982018

CVE-2022-24414

MEDIUM
CVSS:6.5(Medium)

Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use thes...

CWE-5982022

CVE-2025-24948

MEDIUM
CVSS:6.5(Medium)

In JotUrl 2.0, passwords are sent via HTTP GET-type requests, potentially exposing credentials to eavesdropping or insecure records.

CWE-5982025

CVE-2022-25787

MEDIUM
CVSS:6.7(Medium)

Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all ...

CWE-5982022

CVE-2025-1738

MEDIUM
CVSS:6.2(Medium)

A Password Transmitted over Query String vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity, exposing this sensitive information to a third party.

CWE-5982025

CVE-2024-41738

MEDIUM
CVSS:5.9(Medium)

IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the m...

CWE-5982024