← Voltar para CVEs
CVE-2019-7610
N/ADescricao
Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado3/25/2019
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
elastic:kibana
Fraquezas (CWE)
CWE-94CWE-77
Referencias
https://access.redhat.com/errata/RHBA-2019:2824(security@elastic.co)
https://access.redhat.com/errata/RHSA-2019:2860(security@elastic.co)
https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077(security@elastic.co)
https://www.elastic.co/community/security(security@elastic.co)
https://access.redhat.com/errata/RHBA-2019:2824(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:2860(af854a3a-2127-422b-91ae-364da2661108)
https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077(af854a3a-2127-422b-91ae-364da2661108)
https://www.elastic.co/community/security(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.