PT-2019-18668 · Elastic · Kibana

Publicado

2019-07-30

Atualizado

2023-03-03

CVE-2019-7616

CVSS v3.1

4.9

Média

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Kibana versions prior to 6.8.2 Kibana versions prior to 7.2.1

Description The issue is related to a server side request forgery (SSRF) flaw in the graphite integration for the Timelion visualizer. An attacker with administrative access could set the timelion:graphite.url configuration option to an arbitrary URL, potentially allowing access to external URL resources as the Kibana process on the host system.

Recommendations For versions prior to 6.8.2, update to version 6.8.2 or later. For versions prior to 7.2.1, update to version 7.2.1 or later.

Exploit

Correção

SSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-918

Identificadores relacionados

CVE-2019-7616

Produtos afetados

Kibana

PT-2019-18668 · Elastic · Kibana

CVE-2019-7616

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5