CVSS3: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Kibana is vulnerable to arbitrary code execution. The vulnerability exists in the Timelion visualizer when running unflatten, allowing an attacker to send a malicious request that will attempt to execute JavaScript code, leading to arbitrary command execution on the host system.
CPE

Name | Operator | Version |
---|---|---|
kibana | eq | 5.1.1 |
kibana | le | 6.6.0 |
kibana | le | 5.6.14 |
kibana | eq | 4.6.4__4.el7 |
kibana | eq | 4.5.4__2.el7 |
kibana | eq | 4.6.4__3.el7 |
kibana | eq | 4.6.4__1.el7 |
kibana | eq | 5.6.10__1.el7 |
kibana | eq | 5.6.12__1.el7 |
kibana | eq | 3.1.2__2.el7ost |
access.redhat.com/errata/RHBA-2019:2824
access.redhat.com/errata/RHSA-2019:2860
discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077
github.com/elastic/kibana/commit/6e63c2c944d8aaa8d2a02904d6f7acf482a0dfd2
github.com/elastic/kibana/commit/888209a8645a7dcb4cf3b5fb4f3ab2930078a4c5
www.elastic.co/community/security