{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-29T14:58:19.089","vulnerabilities":[{"cve":{"id":"CVE-2019-13423","sourceIdentifier":"security@search-guard.com","published":"2019-08-23T14:15:11.607","lastModified":"2026-06-17T02:16:45.643","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a) Kibana is configured to use Single-Sign-On as authentication method, one of Kerberos, JWT, Proxy, Client certificate. b) The kibanaserver user is configured to use HTTP Basic as the authentication method. c) Search Guard is configured to use an SSO authentication domain and HTTP Basic at the same time"},{"lang":"es","value":"Las versiones de Search Guard Kibana Plugin anteriores a 5.6.8-7 y anteriores a 6.xy-12 tenían el problema de que un usuario autenticado de Kibana podía hacerse pasar por usuario de kibanaserver al proporcionar credenciales incorrectas cuando todas las siguientes condiciones ac son verdaderas: a) Kibana está configurado utilizar Single-Sign-On como método de autenticación, uno de Kerberos, JWT, Proxy, Certificado de cliente. b) El usuario de kibanaserver está configurado para usar HTTP Basic como método de autenticación. c) Search Guard está configurado para usar un dominio de autenticación SSO y HTTP Basic al mismo tiempo"}],"affected":[{"source":"security@search-guard.com","affectedData":[{"vendor":"floragunn","product":"Search Guard Kibana Plugin","versions":[{"version":"unspecified","lessThan":"5.6.8-7","versionType":"custom","status":"affected"},{"version":"unspecified","lessThan":"6.x.y-12","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@search-guard.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:search-guard:search_guard:*:*:*:*:*:kibana:*:*","versionEndExcluding":"5.6.8-7","matchCriteriaId":"902DAA8C-944C-4A60-AC8E-EA16E5E8D49F"},{"vulnerable":true,"criteria":"cpe:2.3:a:search-guard:search_guard:*:*:*:*:*:kibana:*:*","versionStartIncluding":"6.1.0-8","versionEndExcluding":"6.2.3-12","matchCriteriaId":"14FB43F9-4F47-467A-A83E-A6B99D8E1768"}]}]}],"references":[{"url":"https://docs.search-guard.com/6.x-25/changelog-kibana-6.x-12","source":"security@search-guard.com","tags":["Vendor Advisory"]},{"url":"https://search-guard.com/cve-advisory/","source":"security@search-guard.com","tags":["Vendor Advisory"]},{"url":"https://docs.search-guard.com/6.x-25/changelog-kibana-6.x-12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://search-guard.com/cve-advisory/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}