Lucene search
Veracode Vulnerability DatabaseVERACODE:40533HistoryMay 16, 2023 - 2:13 a.m.
Arbitrary Code Execution
2023-05-1602:13:00
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
kibana
arbitrary code execution
uptime/synthetics
configuration payload
host system
remote attack
0.002 Low
EPSS
Percentile
52.4%
kibana is vulnerable to Arbitrary Code Execution. A remote authenticated attacker with the ability to modify the Kibana yaml or env configuration is able to execute malicious code on the host system via a malicious configuration payload trough the Uptime/Synthetics feature.
References
discuss.elastic.co/t/kibana-8-7-1-security-updates/332330
github.com/advisories/GHSA-3x5p-xwf4-5g93
github.com/elastic/kibana/commit/40546954e91188153267c4bc92c65c93e45c71ea
github.com/elastic/kibana/commit/efcababbe5f06e1b6ddf761c632cb9df4eb92082
github.com/elastic/kibana/pull/155759
github.com/elastic/kibana/pull/155818
github.com/elastic/kibana/pull/155948
www.elastic.co/community/security/
Related
osv
osv
CVE-2023-31415
2023-05-04 21:15:11
nvd
nvd
CVE-2023-31415
2023-05-04 21:15:11
prion
prion
Code injection
2023-05-04 21:15:00
cve
cve
CVE-2023-31415
2023-05-04 21:15:11
cvelist
cvelist
CVE-2023-31415
2023-05-04 00:00:00
openvas
openvas
Elastic Kibana 8.7.0 Arbitrary Code Execution Vulnerability (ESA-2023-08)
2023-05-04 00:00:00
nessus
nessus
Elastic Kibana < 8.7.1 Arbitrary Code Execution
2023-05-12 00:00:00