Description
A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code, it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user.
References
- Release Notes, Vendor Advisory
- Permissions Required, Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:elastic:kibana:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:kibana:7.3.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:kibana:7.3.2:*:*:*:*:*:*:*
EPSS: 0.00214 (Low), percentile: 44%
CVSS3: 6.5 Medium
CVSS2: 3.5 Low
Weaknesses
CWE-538
CWE-22
Related vulnerabilities
GitHub
more than 3 years ago
A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code, it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user.