⚠ Actively exploited
Added to CISA KEV on 2022-01-10. Federal agencies required to patch by 2022-07-10. Required action: Apply updates per vendor instructions.

CVE-2019-7609: Code Injection in Kibana

Severity: 10.0 CRITICAL (NVD)
EPSS: 94.4% (top 0.02%)
CISA KEV: listed; added 2022-01-10, due 2022-07-10
Exploit: exploited in the wild; active exploitation observed
Timeline: published 2019-03-25; KEV added 2022-01-10; latest update 2022-05-13; KEV due 2022-07-10
CISA required action: Apply updates per vendor instructions.

Description

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application can send a request that causes Kibana to execute attacker-supplied JavaScript. This can lead to the attacker executing arbitrary commands with the permissions of the Kibana process on the host system. The underlying defect is a prototype pollution in Timelion's handling of expression arguments (the Suricata rule listed on this page names it as such); upgrading to 5.6.15 or 6.6.1 or later fixes it.
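
The following is an added example, not Kibana's or Timelion's code. It shows the general prototype-pollution pattern behind a "set a property by dotted path" helper driven by attacker-supplied names, the kind of sink the description above implies, beside a hardened replacement, and a cheap request-side check in the spirit of the Suricata rule listed on this page. The names setPathUnsafe, setPathSafe, looksLikePollutionAttempt and runDemo, and the sample path label.__proto__.env.INJECTED, are hypothetical and chosen for this illustration.

```javascript
// Added example, not Kibana's or Timelion's code. setPathUnsafe, setPathSafe,
// looksLikePollutionAttempt, runDemo and the sample path are hypothetical.

// Naive helper: walks a dotted path, creating intermediate objects as it goes.
// Because plain objects expose "__proto__" as an accessor, a path segment named
// __proto__ steps onto Object.prototype, and everything written below it
// becomes visible on every object in the process.
function setPathUnsafe(target, path, value) {
  const parts = path.split('.');
  let cur = target;
  for (let i = 0; i < parts.length - 1; i++) {
    const key = parts[i];
    if (cur[key] === undefined || cur[key] === null) {
      cur[key] = {};
    }
    cur = cur[key]; // key === "__proto__" makes this Object.prototype
  }
  cur[parts[parts.length - 1]] = value;
  return target;
}

const FORBIDDEN_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened helper: reject prototype-walking segments up front and only descend
// into own, plain-object properties, never inherited ones.
function setPathSafe(target, path, value) {
  const parts = path.split('.');
  for (const key of parts) {
    if (FORBIDDEN_SEGMENTS.has(key)) {
      throw new Error(`refusing property path with segment "${key}"`);
    }
  }
  let cur = target;
  for (let i = 0; i < parts.length - 1; i++) {
    const key = parts[i];
    const own = Object.prototype.hasOwnProperty.call(cur, key);
    if (!own || typeof cur[key] !== 'object' || cur[key] === null) {
      cur[key] = {};
    }
    cur = cur[key];
  }
  cur[parts[parts.length - 1]] = value;
  return target;
}

// Heuristic request-side check: flag expression text whose dotted paths contain
// a prototype-walking segment. A detection aid, not a substitute for patching.
function looksLikePollutionAttempt(expression) {
  return /(^|[^\w])(__proto__|constructor|prototype)([^\w]|$)/.test(expression);
}

// Runs both setters against the same attacker-shaped path and reports what each
// did. Cleans Object.prototype afterwards so the pollution does not leak.
function runDemo() {
  const path = 'label.__proto__.env.INJECTED'; // constructed sample path
  const marker = 'attacker-controlled';
  const result = {};
  try {
    setPathUnsafe({}, path, marker);
    // An unrelated, freshly created object now "has" env.INJECTED: this is how
    // an options object with no explicit env ends up carrying attacker-chosen
    // variables when it is later handed to a child process.
    const spawnOptions = {};
    result.unsafePolluted =
      spawnOptions.env !== undefined && spawnOptions.env.INJECTED === marker;
  } finally {
    delete Object.prototype.env;
  }
  const series = {};
  try {
    setPathSafe(series, path, marker);
    result.safeRejected = false;
  } catch (e) {
    result.safeRejected = true;
  }
  result.safeLeftPrototypeClean = ({}).env === undefined;
  // A benign path still works with the hardened setter.
  setPathSafe(series, 'label.text', 'cpu');
  result.benignValue = series.label.text;
  return result;
}

console.log(runDemo());
```

Running the block prints an object in which unsafePolluted and safeRejected are both true: the naive setter left a property on Object.prototype that every later object inherits, while the hardened setter refused the path and still handled an ordinary one.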

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 6.0

The vector scores the attacker as unauthenticated (PR:N) and the scope as changed (S:C): the injected JavaScript runs in the Kibana process, so the impact lands on the host rather than only on the Kibana application. Where Kibana is deployed behind authentication, the practical precondition is any account that can reach the Timelion application.

Affected Packages (2 packages)

NVD: elastic/kibana, versions 6.0.0 up to (excluding) 6.6.1 (+1 further range)
CVEListV5: elastic/kibana, before 5.6.15 and 6.6.1

Also affects: Openshift Container Platform 3.11, 4.1

🔴 Vulnerability Details (3)

GHSA: GHSA-cp8f-5jp9-rqmh, "Kibana versions before 5…" (2022-05-13)
CVEList: CVE-2019-7609, "Kibana versions before 5…" (2019-03-25)
VulnCheck: Kibana Arbitrary Code Execution (2019)

💥 Exploits & PoCs (1)

Nuclei: Kibana Timelion - Arbitrary Code Execution

🔍 Detection Rules (1)

Suricata: ET WEB_SPECIFIC_APPS Kibana Prototype Pollution RCE Inbound (CVE-2019-7609) (2021-07-27)

📋 Vendor Advisories (2)

CISA: Kibana Arbitrary Code Execution (2022-01-10)
Red Hat: kibana: Arbitrary code execution flaw in the Timelion visualizer (2019-02-19)

💬 Community (1)

Bugzilla: CVE-2019-7609 kibana: Arbitrary code execution flaw in the Timelion visualizer (2019-04-04)
CVE-2019-7609 — Code Injection in Elastic Kibana | cvebase