Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-17246 — External Control of File Name or Path in Kibana

CWE-73 — External Control of File Name or Path CWE-829 — Inclusion of Functionality from Untrusted Control Sphere CWE-20 — Improper Input Validation CWE-470 — Unsafe Reflection9 documents8 sources

Severity

9.8CRITICALNVD

EPSS

93.8%

top 0.14%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Elastic Kibana Redhat Openshift Container Platform

Timeline

PublishedDec 20

Latest updateMay 13

Description

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDelastic/kibana5.0.0 — 5.6.13+1

▶CVEListV5elastic/kibanabefore 6.4.3 and 5.6.13

Also affects: Openshift Container Platform 3.11

🔴Vulnerability Details

GHSA

GHSA-cpwf-64qm-2jpm: Kibana versions before 6↗2022-05-13

▶

CVEList

CVE-2018-17246: Kibana versions before 6↗2018-12-20

▶

VulnCheck

Elastic Kibana External Control of File Name or Path↗2018

▶

💥Exploits & PoCs

Nuclei

Kibana - Local File Inclusion

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Kibana Path Traversal Inbound (CVE-2018-17246)↗2021-07-27

▶

Suricata

ET WEB_SPECIFIC_APPS Kibana Attempted LFI Exploitation (CVE-2018-17246)↗2018-12-19

▶

📋Vendor Advisories

Red Hat

kibana: Arbitrary file inclusion vulnerability in the Console plugin↗2018-11-06

▶

💬Community

Bugzilla

CVE-2018-17246 kibana: Arbitrary file inclusion vulnerability in the Console plugin↗2018-11-07

▶