Lucene search
ElasticCVELIST:CVE-2021-37938HistoryNov 18, 2021 - 3:06 p.m.
CVE-2021-37938
2021-11-1815:06:45
CWE-269
elastic
www.cve.org
It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension. Thanks to Dominic Couture for finding this vulnerability.
CNA Affected
[
{
"product": "Kibana",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "All versions from 7.9.0 through 7.15.1"
}
]
}
]Related
cve
cve
CVE-2021-37938
2021-11-18 16:15:08
osv
osv
CVE-2021-37938
2021-11-18 16:15:08
prion
prion
Design/Logic Flaw
2021-11-18 16:15:00
openvas
openvas
Elastic Kibana Directory Traversal Vulnerability (ESA-2021-26)
2021-11-17 00:00:00
nvd
nvd
CVE-2021-37938
2021-11-18 16:15:08
nessus
nessus
Kibana 7.8.0 < 7.15.2 Multiple Vulnerabilities
2023-01-11 00:00:00