PT-2018-13966 · Elastic · Kibana

Nethanel Coppenhagen

Publicado

2018-12-20

Atualizado

2025-07-18

CVE-2018-17246

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Kibana versions prior to 6.4.3 Kibana versions prior to 5.6.13

Description The issue is related to an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request to execute javascript code, potentially leading to the execution of arbitrary commands with the permissions of the Kibana process on the host system.

Recommendations For versions prior to 6.4.3, update to version 6.4.3 or later. For versions prior to 5.6.13, update to version 5.6.13 or later.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-829CWE-73

Identificadores relacionados

CVE-2018-17246

Produtos afetados

Kibana

PT-2018-13966 · Elastic · Kibana

CVE-2018-17246

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7