CVE-2019-7610
Published 2019-03-25

Priority P3 · 57 · Critical · CVSS 3.0: 9.0

EPSS: 3.91% (89.0th percentile)
Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | kibana | < 5.6.15 | 5.6.15 |
| elastic | kibana | — | — |
| elastic | kibana | >= 6.0.0 < 6.6.1 | 6.6.1 |
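A triage helper for the two conditions stated above (an affected version range and xpack.security.audit.enabled set to true). This is an added example, not code from Elastic or the advisory; it assumes a dotted-key kibana.yml and a plain x.y.z version string, and the sample config is constructed.

```python
"""Triage helper for CVE-2019-7610 (added example, not advisory code).

Affected ranges come from the table above: < 5.6.15 and >= 6.0.0 < 6.6.1.
The flaw is only reachable when xpack.security.audit.enabled is true.
"""
import re

# (lower bound inclusive or None, upper bound exclusive), as tuples of ints
AFFECTED_RANGES = [(None, (5, 6, 15)), ((6, 0, 0), (6, 6, 1))]


def parse_version(text):
    """Turn '6.5.4' (suffixes such as '-SNAPSHOT' are ignored) into an int tuple."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised Kibana version: {text!r}")
    return tuple(int(x) for x in m.groups())


def version_is_affected(version):
    v = parse_version(version)
    return any((low is None or v >= low) and v < high for low, high in AFFECTED_RANGES)


def audit_logging_enabled(kibana_yml):
    """Minimal scan for the dotted key; the last uncommented value wins.

    Assumes the dotted form 'xpack.security.audit.enabled: true'; nested
    YAML blocks are not handled. Kibana's default for the setting is false.
    """
    enabled = False
    for line in kibana_yml.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"^xpack\.security\.audit\.enabled\s*:\s*(\S+)", line)
        if m:
            enabled = m.group(1).strip("\"'").lower() == "true"
    return enabled


def assess(version, kibana_yml):
    """Return 'patched', 'vulnerable-version-audit-off' or 'exposed'."""
    if not version_is_affected(version):
        return "patched"
    if not audit_logging_enabled(kibana_yml):
        return "vulnerable-version-audit-off"   # still upgrade, but not reachable
    return "exposed"


# Constructed sample kibana.yml (not from the page)
SAMPLE_YML = "server.port: 5601\n# xpack.security.audit.enabled: false\nxpack.security.audit.enabled: true\n"

if __name__ == "__main__":
    for ver in ("5.6.14", "5.6.15", "6.5.4", "6.6.1", "7.0.0"):
        print(ver, assess(ver, SAMPLE_YML))
```

A host that is on a vulnerable version with audit logging off still needs the 5.6.15 or 6.6.1 upgrade; the script only separates reachable from latent exposure.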
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 9.0 | CRITICAL | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
| nvd | 2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vendor_redhat | — | 9.0 | CRITICAL | — |
Red Hat

kibana: Audit logging Remote Code Execution issue
vendor_redhat · 2019-02-19 · CVSS 9.0 · CRITICAL · CWE-20

An arbitrary code execution flaw was found in Kibana in versions prior to 5.6.15 and 6.6.1. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
GHSA

GHSA-rrx3-4wcg-f297: Kibana versions before 6
ghsa_unreviewed · 2022-05-14 · CRITICAL · CWE-77
No detection rules found.
No public exploits indexed.
References:
- https://access.redhat.com/errata/RHBA-2019:2824
- https://access.redhat.com/errata/RHSA-2019:2860
- https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077
- https://www.elastic.co/community/security

Published: 2019-03-25