Get a Demo

Let's Patch It!

Book a short call with one our specialists, we'll walk you through how Endor Patches work, and ask you a few questions about your environment (like your primary programming languages and repository management). We'll also send you an email right after you fill out the form, feel free to reply with any questions you have in advance!

CVE

CVE-2019-7609

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer.
Back to all
CVE

CVE-2019-7609

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer.

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.

Package Versions Affected

Package Version
patch Availability
No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request

CVSS Version

Severity
Base Score
CVSS Version
Score Vector
C
H
U
10
-
3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
C
H
U
0
-
3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
C
H
U
-

Related Resources

No items found.

References

https://www.elastic.co/community/security, https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7609, http://packetstormsecurity.com/files/174569/Kibana-Timelion-Prototype-Pollution-Remote-Code-Execution.html, https://access.redhat.com/errata/RHBA-2019:2824, https://access.redhat.com/errata/RHSA-2019:2860, https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077, https://www.elastic.co/community/security, http://packetstormsecurity.com/files/174569/Kibana-Timelion-Prototype-Pollution-Remote-Code-Execution.html

Severity

10

CVSS Score
0
10

Basic Information

Ecosystem
Base CVSS
10
EPSS Probability
0.94429%
EPSS Percentile
0.99983%
Introduced Version
8f0685b924b9159807704ec2593b26e28105da44,f8bc449f5a6b28d0597730b1cf03fefe7e33422e
Fix Available
1fd8f691bf2e467057b864eea9103a6e3345af3e,c0c81857d435f499ec2514d9a4823e3dc87021bd

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.
Fix Without Upgrading