CVE

CVE-2019-7609

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer.

CVE

CVE-2019-7609

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer.

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Related Resources

No items found.

References

https://www.elastic.co/community/security, https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7609, http://packetstormsecurity.com/files/174569/Kibana-Timelion-Prototype-Pollution-Remote-Code-Execution.html, https://access.redhat.com/errata/RHBA-2019:2824, https://access.redhat.com/errata/RHSA-2019:2860, https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077

Severity

10

CVSS Score

Basic Information

Ecosystem

Base CVSS

EPSS Probability

0.94446%

EPSS Percentile

0.9999%

Introduced Version

Fix Available

fe7575a32e23e15e0a77677dc1a180206554228b,e4f1e8f824c4cdc70bfa09a5ec734d7108366456

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2019-7609

CVE-2019-7609

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

10

Basic Information

Fix Critical Vulnerabilities Instantly