{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2017-8443","title":"Title"},{"category":"description","text":"In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in the URL bar. The credentials could then be viewed by untrusted parties or logged into the Kibana access logs.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2017-8443","url":"https://www.suse.com/security/cve/CVE-2017-8443"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1075538 for CVE-2017-8443","url":"https://bugzilla.suse.com/1075538"}],"title":"SUSE CVE CVE-2017-8443","tracking":{"current_release_date":"2025-04-25T08:05:09Z","generator":{"date":"2023-02-15T04:45:54Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2017-8443","initial_release_date":"2023-02-15T04:45:54Z","revision_history":[{"date":"2023-02-15T04:45:54Z","number":"2","summary":"Current version"},{"date":"2025-01-01T08:56:11Z","number":"3","summary":"Current version"},{"date":"2025-02-18T07:46:46Z","number":"4","summary":"Current version"},{"date":"2025-03-16T03:05:55Z","number":"5","summary":"Current version"},{"date":"2025-04-25T08:05:09Z","number":"6","summary":"Current version"}],"status":"interim","version":"6"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE OpenStack Cloud 7","product":{"name":"SUSE OpenStack Cloud 7","product_id":"SUSE OpenStack Cloud 7","product_identification_helper":{"cpe":"cpe:/o:suse:suse-openstack-cloud:7"}}},{"category":"product_version","name":"kibana","product":{"name":"kibana","product_id":"kibana","product_identification_helper":{"cpe":"cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/kibana@?upstream=kibana.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"kibana as component of SUSE OpenStack Cloud 7","product_id":"SUSE OpenStack Cloud 7:kibana"},"product_reference":"kibana","relates_to_product_reference":"SUSE OpenStack Cloud 7"}]},"vulnerabilities":[{"cve":"CVE-2017-8443","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-8443"}],"notes":[{"category":"general","text":"In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in the URL bar. The credentials could then be viewed by untrusted parties or logged into the Kibana access logs.","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE OpenStack Cloud 7:kibana"]},"references":[{"category":"external","summary":"CVE-2017-8443","url":"https://www.suse.com/security/cve/CVE-2017-8443"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1075538 for CVE-2017-8443","url":"https://bugzilla.suse.com/1075538"}],"threats":[{"category":"impact","date":"2017-06-30T21:16:52Z","details":"moderate"}],"title":"CVE-2017-8443"}]}