Lucene search
Veracode Vulnerability DatabaseVERACODE:13541HistoryMar 26, 2019 - 2:53 a.m.
Remote Code Execution (RCE)
2019-03-2602:53:28
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
25
0.97 High
EPSS
Percentile
99.7%
kibana is vulnerable to arbitrary code execution attacks. The vulnerability exists in the Timelion visualizer when running unflatten, allowing an attacker to send a malicious request that will attempt to execute Javascript code, leading to arbitrary command execution on the host system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| kibana | eq | 5.1.1 | |
| kibana | le | 6.6.0 | |
| kibana | le | 5.6.14 | |
| kibana | eq | 4.6.4__4.el7 | |
| kibana | eq | 4.5.4__2.el7 | |
| kibana | eq | 4.6.4__3.el7 | |
| kibana | eq | 4.6.4__1.el7 | |
| kibana | eq | 5.6.10__1.el7 | |
| kibana | eq | 5.6.12__1.el7 | |
| kibana | eq | 3.1.2__2.el7ost |
References
access.redhat.com/errata/RHBA-2019:2824
access.redhat.com/errata/RHSA-2019:2860
discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077
github.com/elastic/kibana/commit/6e63c2c944d8aaa8d2a02904d6f7acf482a0dfd2
github.com/elastic/kibana/commit/888209a8645a7dcb4cf3b5fb4f3ab2930078a4c5
www.elastic.co/community/security
Related
githubexploit
githubexploit
Exploit for Code Injection in Elastic Kibana
2019-10-21 15:31:13
Exploit for Code Injection in Elastic Kibana
2019-12-01 14:29:22
Exploit for Code Injection in Elastic Kibana
2019-10-18 03:25:22
redhatcve
redhatcve
CVE-2019-7609
2019-04-04 03:50:05
checkpoint_advisories
checkpoint_advisories
Kibana Timelion Remote Code Execution (CVE-2019-7609)
2019-10-22 00:00:00
attackerkb
attackerkb
CVE-2019-7609
2019-03-25 00:00:00
cisa_kev
cisa_kev
Kibana Arbitrary Code Execution
2022-01-10 00:00:00
cvelist
cvelist
CVE-2019-7609
2019-03-25 00:00:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2019-1.0-0223
2019-04-05 00:00:00
Critical Photon OS Security Update - PHSA-2019-0223
2019-04-05 00:00:00
Critical Photon OS Security Update - PHSA-2019-0012
2019-04-25 00:00:00
f5
f5
K54184111 : Kibana vulnerability CVE-2019-7609
2022-03-21 00:00:00
metasploit
metasploit
Kibana Timelion Prototype Pollution RCE
2023-08-24 20:08:08
nvd
nvd
CVE-2019-7609
2019-03-25 19:29:02
zdt
zdt
Kibana Timelion Prototype Pollution Remote Code Execution Exploit
2023-09-11 00:00:00
cve
cve
CVE-2019-7609
2019-03-25 19:29:02
osv
osv
CVE-2019-7609
2019-03-25 19:29:02
openvas
openvas
Elastic Kibana < 5.6.15, 6.x.x < 6.6.1 RCE Vulnerability - Active Check
2019-11-06 00:00:00
Elastic Kibana < 5.6.15, 6.x.x < 6.6.1 Multiple Vulnerabilities - Windows
2019-03-27 00:00:00
Elastic Kibana < 5.6.15, 6.x.x < 6.6.1 Multiple Vulnerabilities - Linux
2019-03-27 00:00:00
nuclei
nuclei
Kibana Timelion - Arbitrary Code Execution
2020-08-15 18:10:27
prion
prion
Code injection
2019-03-25 19:29:00
packetstorm
packetstorm
Kibana Timelion Prototype Pollution Remote Code Execution
2023-09-08 00:00:00
ibm
ibm
redhat
redhat
archlinux
archlinux
[ASA-201902-26] kibana: multiple issues
2019-02-25 00:00:00
nessus
nessus
Kibana ESA-2019-01, ESA-2019-02, ESA-2019-03
2019-03-04 00:00:00
Kibana 6.x < 6.6.1 Multiple Vulnerabilities
2020-03-05 00:00:00
Kibana 5.x < 5.6.15 / 6.x < 6.6.1 Multiple Vulnerabilities
2019-10-24 00:00:00
myhack58
myhack58
threatpost
threatpost
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-09-15 18:54:45
thn
thn
Top 12 Security Flaws Russian Spy Hackers Are Exploiting in the Wild
2021-05-08 12:24:00
FBI, NSA and CISA Warns of Russian Hackers Targeting Critical Infrastructure
2022-01-12 09:14:00
qualysblog
qualysblog
ics
ics
cisa
cisa
CISA Adds 15 Known Exploited Vulnerabilities to Catalog
2022-01-10 00:00:00