3 matches found
SUSE CVE-2018-17246
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with...
Elasticsearch Kibana Console Plugin Command Execution Vulnerability
Elasticsearch Kibana formerly known as elasticsearch-dashboard is a suite of open source, browser-based analytics and search Elasticsearch dashboard tools from the Dutch company Elasticsearch.Console is one of the console plug-ins. A security vulnerability exists in the Console plugin in...
Arbitrary File Inclusion
kibana is vulnerable to arbitrary file inclusion attacks. The vulnerability exists through the Kibana Console API where a request can be sent to include external JS files which could possibly result in executing arbitrary commands...