CVE-2019-7618

Name of the Vulnerable Software and Affected Versions Elastic Code versions 7.3.0 through 7.3.2

Description A local file disclosure flaw was found in Elastic Code. If a malicious code repository is imported into Code, it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user.

Recommendations For versions 7.3.0 through 7.3.2, consider restricting access to the code import feature until a patch is available. As a temporary workaround, limit the permissions of the Kibana system user to minimize the risk of exploitation. Avoid importing code repositories from untrusted sources to reduce the risk of introducing malicious code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.