CVE-2018-17246

Published: 06 Nov 2018
Source: redhat
CVSS3: 6.3
EPSS: Critical

Description

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | kibana | Not affected | | |
| Red Hat OpenShift Container Platform 3.2 | kibana | Not affected | | |
| Red Hat OpenShift Container Platform 3.3 | kibana | Not affected | | |
| Red Hat OpenShift Container Platform 3.4 | kibana | Not affected | | |
| Red Hat OpenShift Container Platform 3.5 | kibana | Not affected | | |
| Red Hat OpenShift Container Platform 3.6 | kibana | Not affected | | |
| Red Hat OpenShift Container Platform 3.7 | kibana | Not affected | | |
| Red Hat OpenShift Container Platform 3.9 | kibana | Not affected | | |
| Red Hat OpenShift Container Platform 4 | kibana | Not affected | | |
| Red Hat OpenShift Enterprise 3.0 | kibana | Not affected | | |

Additional information

Status: Important
Defect: CWE-20->CWE-73->CWE-470
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1647344 (kibana: Arbitrary file inclusion vulnerability in the Console plugin)

EPSS: 0.93783 (Critical), percentile: 100%

CVSS3: 6.3 Medium

Related vulnerabilities

CVSS3: 9.8
nvd
about 7 years ago

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.

CVSS3: 9.8
debian
about 7 years ago

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file incl ...

CVSS3: 9.8
github
more than 3 years ago

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.