It was discovered that Kibana did not validate a user-supplied path that was used to load .pbf files. As a result, a malicious user could arbitrarily traverse the Kibana host's file system and load internal files ending in the .pbf extension.

CPE Name | Operator | Version
---|---|---
elasticsearch | eq | 7.9.2
elasticsearch | eq | 7.9.0
elasticsearch | eq | 7.9.1
elasticsearch | eq | 7.9.3
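
The flaw described above amounts to an extension check without a containment check. The following Node.js sketch is an added example, not Kibana's code and not part of the advisory, that contrasts the two; `PBF_ROOT`, `resolveUnsafe` and `resolveSafe` are hypothetical names and the directory is a constructed value.

```javascript
const path = require('path');

// Constructed base directory for .pbf assets (assumption, not a Kibana path).
const PBF_ROOT = path.resolve('/srv/app/assets/pbf');

// Vulnerable pattern: only the extension is checked, so parent-directory
// segments in the user-supplied part still move the result out of PBF_ROOT.
function resolveUnsafe(userPath) {
  if (!userPath.endsWith('.pbf')) return null;
  return path.join(PBF_ROOT, userPath);
}

// Hardened pattern: check the extension, resolve against the root, then
// confirm the resolved path is still inside the root before it is used.
function resolveSafe(userPath) {
  if (typeof userPath !== 'string' || userPath.includes('\0')) return null;
  if (path.extname(userPath) !== '.pbf') return null;
  const resolved = path.resolve(PBF_ROOT, userPath);
  const rel = path.relative(PBF_ROOT, resolved);
  const escapes =
    rel === '' || rel === '..' ||
    rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  return escapes ? null : resolved;
}

// Returns true when a resolved path lies under PBF_ROOT.
function isContained(resolved) {
  return resolved !== null && resolved.startsWith(PBF_ROOT + path.sep);
}

// Constructed sample inputs: two ordinary requests and three that leave the root.
const samples = [
  'Open Sans/0-255.pbf',
  'a/../b.pbf',
  '../../../../etc/secret.pbf',
  'a/../../x.pbf',
  '/etc/secret.pbf',
];
for (const s of samples) {
  const unsafe = resolveUnsafe(s);
  console.log(JSON.stringify(s),
    '| unsafe contained:', isContained(unsafe),
    '| safe result:', resolveSafe(s));
}
```

The containment check is lexical; where symlinks can exist under the root, compare the output of `fs.realpathSync` for both the root and the candidate instead.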