Описание
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
- Broken LinkVendor Advisory
- ExploitThird Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
- Broken LinkVendor Advisory
- US Government Resource
Уязвимые конфигурации
Одно из
Одно из
EPSS
10 Critical
CVSS3
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
Связанные уязвимости
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code exec ...
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
Уязвимость виртуализатора Timelion сервиса визуализации данных Kibana, позволяющая нарушителю выполнить произвольные команды
EPSS
10 Critical
CVSS3
9.8 Critical
CVSS3
10 Critical
CVSS2