CVE-2019-7618: Insertion of Sensitive Information into Externally-Accessible File or Directory in Code

Severity
6.5 MEDIUM (NVD)
EPSS
0.2%
top 56.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 1
Latest update: May 24

Description

A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code, it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: elastic/elastic_code, versions 7.3.0, 7.3.1, and 7.3.2
NVD: elastic/kibana, versions 7.3.0, 7.3.1, 7.3.2 +2

Vulnerability Details (2)

GHSA (2022-05-24)
GHSA-5xg9-ffw5-5c9c: A local file disclosure flaw was found in Elastic Code versions 7
CVEList (2019-10-01)
CVE-2019-7618: A local file disclosure flaw was found in Elastic Code versions 7
CVE-2019-7618 — Elastic Code vulnerability | cvebase