PT-2019-5279 · Elastic · Kibana

Published: 2019-02-19 · Updated: 2025-11-07 · CVE-2019-7609

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Kibana versions prior to 5.6.15 and 6.6.1

Description

The issue is related to improper control of code generation in the Timelion visualizer of Kibana, which can lead to arbitrary code execution. An attacker with access to the Timelion application could send a request that executes JavaScript code, potentially resulting in the execution of arbitrary commands with the permissions of the Kibana process on the host system.

Recommendations

For Kibana versions prior to 5.6.15, update to version 5.6.15 or later. For Kibana versions prior to 6.6.1, update to version 6.6.1 or later. As a temporary workaround, consider disabling the Timelion visualizer until a patch is available. Restrict access to the Timelion application to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Weakness Enumeration

Related identifiers

BDU:2020-02180
CVE-2019-7609
RHSA-2019:2860

Affected products

Kibana