PT-2019-5279 · Elastic · Kibana
Published: 2019-02-19 · Updated: 2025-11-07 · CVE-2019-7609
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Kibana versions prior to 5.6.15 and 6.6.1
Description
The issue is related to insufficient control of code generation in the Timelion visualizer of Kibana, which can lead to arbitrary code execution. An attacker with access to the Timelion application could send a request that executes JavaScript code, potentially resulting in the execution of arbitrary commands with the permissions of the Kibana process on the host system.
Recommendations
For Kibana versions prior to 5.6.15, update to version 5.6.15 or later.
For Kibana versions prior to 6.6.1, update to version 6.6.1 or later.
As a temporary workaround, consider disabling the Timelion visualizer until the fixed version is installed.
Restrict access to the Timelion application to minimize the risk of exploitation.
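An added example (not part of this advisory and not Elastic's code) that triages a host inventory against the recommendations above: it checks each Kibana version against the fixed releases and, for affected hosts, whether the Timelion workaround is set. It assumes the `timelion.enabled` key of `kibana.yml`, which comes from Kibana's configuration settings rather than this page, written in flat dotted form; the host names and config text are constructed.

```python
import re

# Fixed releases named in the advisory: 5.6.15 and 6.6.1.
FIXED_5X = (5, 6, 15)
FIXED_6X = (6, 6, 1)

def parse_version(text):
    """Return (major, minor, patch) from strings like '6.5.4' or 'v6.5.4-SNAPSHOT'."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised Kibana version: {text!r}")
    return tuple(int(g) for g in m.groups())

def is_affected(version):
    """True if the version is prior to the fixed release of its line."""
    v = parse_version(version)
    if v[0] >= 6:
        return v < FIXED_6X      # 6.x line is fixed in 6.6.1; later majors are newer
    return v < FIXED_5X          # everything prior to 5.6.15

def timelion_disabled(kibana_yml):
    """True if the config sets timelion.enabled: false (assumed key, flat form only)."""
    for line in kibana_yml.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments, so '#timelion...' is ignored
        m = re.fullmatch(r"timelion\.enabled\s*:\s*(\S+)", line)
        if m:
            return m.group(1).lower() == "false"
    return False                               # key absent: Timelion stays enabled

def assess(version, kibana_yml):
    """Classify one host: patched, affected with workaround, or affected and exposed."""
    if not is_affected(version):
        return "patched"
    if timelion_disabled(kibana_yml):
        return "affected-workaround"
    return "affected-exposed"

# Constructed inventory: (host, reported version, kibana.yml contents).
INVENTORY = [
    ("kibana-a.example", "6.5.4", "server.port: 5601\n"),
    ("kibana-b.example", "6.5.4", "server.port: 5601\ntimelion.enabled: false\n"),
    ("kibana-c.example", "5.6.14", "# timelion.enabled: false\n"),
    ("kibana-d.example", "6.6.1", "server.port: 5601\n"),
]

if __name__ == "__main__":
    for host, version, config in INVENTORY:
        print(f"{host:20} {version:8} {assess(version, config)}")
```

Hosts reported as `affected-workaround` still need the upgrade; the setting only removes the Timelion entry point in the meantime.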
Exploit
Fix
Code Injection
Affected Products
Kibana