Description
Kibana versions before 6.8.2 and 7.2.1 contain a server-side request forgery (SSRF) flaw in the Graphite integration for the Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite.url configuration option to an arbitrary URL. This could possibly lead to an attacker accessing external URL resources as the Kibana process on the host system.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | kibana | Fix deferred | | |
| Red Hat OpenShift Container Platform 3.11 | kibana | Fix deferred | | |
| Red Hat OpenShift Container Platform 3.4 | kibana | Out of support scope | | |
| Red Hat OpenShift Container Platform 3.5 | kibana | Out of support scope | | |
| Red Hat OpenShift Container Platform 3.6 | kibana | Out of support scope | | |
| Red Hat OpenShift Container Platform 3.7 | kibana | Out of support scope | | |
| Red Hat OpenShift Container Platform 3.9 | kibana | Fix deferred | | |
| Red Hat OpenShift Container Platform 4 | kibana | Fix deferred | | |
Additional information
Status:
EPSS
3.4 Low
CVSS3