Description
It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server.
References
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions from 7.10.2 (inclusive) to 7.14.1 (exclusive)
cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
EPSS
Percentile: 37%
0.00162
Low
6.6 Medium
CVSS3
7.2 High
CVSS3
Weaknesses
CWE-94
CWE-94
Related vulnerabilities
CVSS3: 6.6
debian
about 2 years ago
It was discovered that a user with Fleet admin permissions could uploa ...
CVSS3: 6.6
github
about 2 years ago
It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server.