All the vulnerabilites related to elasticsearch - kibana
Vulnerability from fkie_nvd
Published
2020-07-27 18:15
Modified
2024-11-21 05:36
Severity ?
Summary
In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| bressers@elastic.co | https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786 | Release Notes, Vendor Advisory | |
| bressers@elastic.co | https://www.elastic.co/community/security/ | Vendor Advisory | |
| bressers@elastic.co | https://www.oracle.com//security-alerts/cpujul2021.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.elastic.co/community/security/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com//security-alerts/cpujul2021.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| elasticsearch | kibana | * | |
| elasticsearch | kibana | * | |
| oracle | communications_billing_and_revenue_management | 12.0.0.3.0 | |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | 1.7.0 | |
| oracle | peoplesoft_enterprise_peopletools | 8.58 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:elasticsearch:kibana:*:*:*:*:*:*:*:*",
"matchCriteriaId": "598008DD-95C5-442F-91C0-4A05C742FBF8",
"versionEndExcluding": "6.8.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elasticsearch:kibana:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D880C23A-1226-42E5-8A51-D810E2FC46FB",
"versionEndExcluding": "7.8.1",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1CB33EB2-6D6A-424B-91AF-3F0EF7FCE470",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization."
},
{
"lang": "es",
"value": "En Kibana versiones anteriores a 6.8.11 y 7.8.1, la visualizaci\u00f3n del mapa de regi\u00f3n contiene un fallo de tipo XSS almacenado. Un atacante que es capaz de editar o crear una visualizaci\u00f3n de mapa de regi\u00f3n podr\u00eda obtener informaci\u00f3n confidencial o llevar a cabo acciones destructivas en nombre de los usuarios de Kibana que ven la visualizaci\u00f3n del mapa de regi\u00f3n"
}
],
"id": "CVE-2020-7017",
"lastModified": "2024-11-21T05:36:30.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-27T18:15:14.233",
"references": [
{
"source": "bressers@elastic.co",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
},
{
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elastic.co/community/security/"
},
{
"source": "bressers@elastic.co",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elastic.co/community/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
],
"sourceIdentifier": "bressers@elastic.co",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "bressers@elastic.co",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-27 18:15
Modified
2024-11-21 05:36
Severity ?
Summary
Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| bressers@elastic.co | https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786 | Release Notes, Vendor Advisory | |
| bressers@elastic.co | https://www.elastic.co/community/security/ | Vendor Advisory | |
| bressers@elastic.co | https://www.oracle.com//security-alerts/cpujul2021.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.elastic.co/community/security/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com//security-alerts/cpujul2021.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| elasticsearch | kibana | * | |
| elasticsearch | kibana | * | |
| oracle | communications_billing_and_revenue_management | 12.0.0.3.0 | |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | 1.7.0 | |
| oracle | peoplesoft_enterprise_peopletools | 8.58 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:elasticsearch:kibana:*:*:*:*:*:*:*:*",
"matchCriteriaId": "598008DD-95C5-442F-91C0-4A05C742FBF8",
"versionEndExcluding": "6.8.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elasticsearch:kibana:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D880C23A-1226-42E5-8A51-D810E2FC46FB",
"versionEndExcluding": "7.8.1",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1CB33EB2-6D6A-424B-91AF-3F0EF7FCE470",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive."
},
{
"lang": "es",
"value": "En Kibana versiones anteriores a 6.8.11 y 7.8.1, contiene un fallo de denegaci\u00f3n de servicio (DoS) en Timelion. Un atacante puede construir una URL que, cuando es visualizada por un usuario de Kibana, puede conllevar al proceso de Kibana a consumir grandes cantidades de CPU y dejar de responder"
}
],
"id": "CVE-2020-7016",
"lastModified": "2024-11-21T05:36:29.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-27T18:15:14.170",
"references": [
{
"source": "bressers@elastic.co",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
},
{
"source": "bressers@elastic.co",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elastic.co/community/security/"
},
{
"source": "bressers@elastic.co",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elastic.co/community/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
],
"sourceIdentifier": "bressers@elastic.co",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-185"
}
],
"source": "bressers@elastic.co",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-29 01:34
Modified
2024-11-21 03:07
Severity ?
Summary
Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| elastic | kibana | 5.0.0 | |
| elastic | kibana | 5.0.1 | |
| elastic | kibana | 5.0.2 | |
| elastic | kibana | 5.1.1 | |
| elastic | kibana | 5.1.2 | |
| elastic | kibana | 5.2.0 | |
| elastic | kibana | 5.2.1 | |
| elastic | kibana | 5.2.2 | |
| elastic | kibana | 5.3.0 | |
| elastic | kibana | 5.3.1 | |
| elastic | kibana | 5.3.2 | |
| elastic | kibana | 5.3.3 | |
| elastic | kibana | 5.4.0 | |
| elastic | kibana | 5.4.1 | |
| elastic | kibana | 5.4.2 | |
| elastic | kibana | 5.4.3 | |
| elastic | kibana | 5.5.0 | |
| elastic | kibana | 5.5.1 | |
| elastic | kibana | 5.5.2 | |
| elastic | kibana | 5.5.3 | |
| elastic | kibana | 5.6.0 | |
| elasticsearch | kibana | 5.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:elastic:kibana:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AAAFDC79-44C7-4CD4-BAF7-E4263A94D55E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:kibana:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19498633-0929-4FA6-84AA-21D392CF9431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:kibana:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD1A0D0-D2AD-48A1-B833-4D3914631D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:kibana:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "794A6F03-3152-4A05-911F-3EA58250E906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:kibana:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "69E8AB6F-EA19-4C92-8AAE-FE6EFA06AF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:kibana:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDE1AED-DB91-4DAA-9AD8-5859C7D58AA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:kibana:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B420684-A6B0-46E4-8214-F8BB1D3E1E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:kibana:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FEBBEEC5-0843-41F1-BD55-0C8C8CA781FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:kibana:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D88ABA67-0305-46E3-AAED-E3FC9F963F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:kibana:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93558649-84F5-448A-B191-1A0052150929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:kibana:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02CD0D6D-2AC7-46E2-ABBE-B780F47DD4B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:kibana:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "059C285F-499A-481D-876E-9BEA2EC8628C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:kibana:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E741D583-C568-4A93-A344-A54267B292F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:kibana:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "653C9B4E-5A67-4566-B687-68454C72B1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:kibana:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "852CEAF2-B88A-44AB-8B83-9A568CDBCEBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:kibana:5.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BDBCC33B-3171-4AD4-A57D-4C0C78536DD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:kibana:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F168795-5821-407A-B789-3673A51D2393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:kibana:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8116EC73-5279-48F3-A958-0C8FAB8755B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:kibana:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22B3710A-8F7E-42C5-9832-47FF3EF89443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:kibana:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A2BA4B-B74F-40B9-9536-80BF19DE9B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:kibana:5.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C22151C-45AD-44DB-B3E0-178BC93CC8DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elasticsearch:kibana:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73DFD4F0-9179-4B37-90B0-8CFF88CE3828",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users."
},
{
"lang": "es",
"value": "Las versiones anteriores a la 5.6.1 de Kibana presentan una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Timelion que podr\u00eda permitir a un atacante obtener informaci\u00f3n sensible o realizar acciones destructivas en nombre de otros usuarios de Kibana."
}
],
"id": "CVE-2017-11479",
"lastModified": "2024-11-21T03:07:52.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-29T01:34:48.530",
"references": [
{
"source": "bressers@elastic.co",
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"source": "bressers@elastic.co",
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
},
{
"source": "bressers@elastic.co",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884"
}
],
"sourceIdentifier": "bressers@elastic.co",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2017-11479
Vulnerability from cvelistv5
Published
2017-09-28 19:00
Modified
2024-08-05 18:12
Severity ?
EPSS score ?
Summary
Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
References
| ▼ | URL | Tags |
|---|---|---|
| https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2019/10/24/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2019/10/29/3 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:12:39.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884"
},
{
"name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-29T23:06:18",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884"
},
{
"name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2017-11479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884",
"refsource": "MISC",
"url": "https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884"
},
{
"name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2017-11479",
"datePublished": "2017-09-28T19:00:00",
"dateReserved": "2017-07-20T00:00:00",
"dateUpdated": "2024-08-05T18:12:39.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-7016
Vulnerability from cvelistv5
Published
2020-07-27 18:00
Modified
2024-08-04 09:18
Severity ?
EPSS score ?
Summary
Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.elastic.co/community/security/ | x_refsource_MISC | |
| https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786 | x_refsource_MISC | |
| https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:03.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.elastic.co/community/security/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kibana",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "before 6.8.11 and 7.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-185",
"description": "CWE-185: Incorrect Regular Expression",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T22:55:24",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.elastic.co/community/security/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2020-7016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kibana",
"version": {
"version_data": [
{
"version_value": "before 6.8.11 and 7.8.1"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-185: Incorrect Regular Expression"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elastic.co/community/security/",
"refsource": "MISC",
"url": "https://www.elastic.co/community/security/"
},
{
"name": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786",
"refsource": "MISC",
"url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2020-7016",
"datePublished": "2020-07-27T18:00:15",
"dateReserved": "2020-01-14T00:00:00",
"dateUpdated": "2024-08-04T09:18:03.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-7017
Vulnerability from cvelistv5
Published
2020-07-27 18:00
Modified
2024-08-04 09:18
Severity ?
EPSS score ?
Summary
In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.elastic.co/community/security/ | x_refsource_MISC | |
| https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786 | x_refsource_MISC | |
| https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:02.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.elastic.co/community/security/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kibana",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "before 6.8.11 and 7.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T22:55:26",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.elastic.co/community/security/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2020-7017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kibana",
"version": {
"version_data": [
{
"version_value": "before 6.8.11 and 7.8.1"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elastic.co/community/security/",
"refsource": "MISC",
"url": "https://www.elastic.co/community/security/"
},
{
"name": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786",
"refsource": "MISC",
"url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2020-7017",
"datePublished": "2020-07-27T18:00:15",
"dateReserved": "2020-01-14T00:00:00",
"dateUpdated": "2024-08-04T09:18:02.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201812-0360
Vulnerability from variot
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. Kibana Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ElasticsearchKibana (formerly known as elasticsearch-dashboard) is an open source, browser-based analytics and search Elasticsearch dashboard tool from Elasticsearch, the Netherlands. Console is one of the console plugins. Kibana is prone to a local file-include vulnerability. This may allow the attacker to compromise the application and the computer; other attacks are also possible. The following versions of product are vulnerable: Kibana 5.0 through 5.5.12 are vulnerable. Kibana 6.0 through 6.4.2 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201812-0360",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kibana",
"scope": "lt",
"trust": 1.4,
"vendor": "elasticsearch",
"version": "6.4.3"
},
{
"model": "kibana",
"scope": "lt",
"trust": 1.4,
"vendor": "elasticsearch",
"version": "5.6.13"
},
{
"model": "kibana",
"scope": "lt",
"trust": 1.0,
"vendor": "elastic",
"version": "5.6.13"
},
{
"model": "openshift container platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.11"
},
{
"model": "kibana",
"scope": "lt",
"trust": 1.0,
"vendor": "elastic",
"version": "6.4.3"
},
{
"model": "kibana",
"scope": "gte",
"trust": 1.0,
"vendor": "elastic",
"version": "5.0.0"
},
{
"model": "kibana",
"scope": "gte",
"trust": 1.0,
"vendor": "elastic",
"version": "6.0.0"
},
{
"model": "kibana",
"scope": "eq",
"trust": 0.9,
"vendor": "elasticsearch",
"version": "5.6.4"
},
{
"model": "kibana",
"scope": "eq",
"trust": 0.6,
"vendor": "elasticsearch",
"version": "6.0.0"
},
{
"model": "kibana",
"scope": "eq",
"trust": 0.6,
"vendor": "elasticsearch",
"version": "6.0.1"
},
{
"model": "kibana",
"scope": "eq",
"trust": 0.6,
"vendor": "elasticsearch",
"version": "6.1.0"
},
{
"model": "kibana",
"scope": "eq",
"trust": 0.3,
"vendor": "elasticsearch",
"version": "6.4.2"
},
{
"model": "kibana",
"scope": "eq",
"trust": 0.3,
"vendor": "elasticsearch",
"version": "6.4"
},
{
"model": "kibana",
"scope": "eq",
"trust": 0.3,
"vendor": "elasticsearch",
"version": "6.3"
},
{
"model": "kibana",
"scope": "eq",
"trust": 0.3,
"vendor": "elasticsearch",
"version": "6.2"
},
{
"model": "kibana",
"scope": "eq",
"trust": 0.3,
"vendor": "elasticsearch",
"version": "6.1.2"
},
{
"model": "kibana",
"scope": "eq",
"trust": 0.3,
"vendor": "elasticsearch",
"version": "6.1.1"
},
{
"model": "kibana",
"scope": "eq",
"trust": 0.3,
"vendor": "elasticsearch",
"version": "6.1"
},
{
"model": "kibana",
"scope": "eq",
"trust": 0.3,
"vendor": "elasticsearch",
"version": "6.0"
},
{
"model": "kibana",
"scope": "eq",
"trust": 0.3,
"vendor": "elasticsearch",
"version": "5.6.12"
},
{
"model": "kibana",
"scope": "eq",
"trust": 0.3,
"vendor": "elasticsearch",
"version": "5.6.6"
},
{
"model": "kibana",
"scope": "eq",
"trust": 0.3,
"vendor": "elasticsearch",
"version": "5.6.5"
},
{
"model": "kibana",
"scope": "eq",
"trust": 0.3,
"vendor": "elasticsearch",
"version": "5.6.3"
},
{
"model": "kibana",
"scope": "eq",
"trust": 0.3,
"vendor": "elasticsearch",
"version": "5.6.2"
},
{
"model": "kibana",
"scope": "eq",
"trust": 0.3,
"vendor": "elasticsearch",
"version": "5.6.1"
},
{
"model": "kibana",
"scope": "eq",
"trust": 0.3,
"vendor": "elasticsearch",
"version": "5.6"
},
{
"model": "kibana",
"scope": "eq",
"trust": 0.3,
"vendor": "elasticsearch",
"version": "5.5"
},
{
"model": "kibana",
"scope": "eq",
"trust": 0.3,
"vendor": "elasticsearch",
"version": "5.4"
},
{
"model": "kibana",
"scope": "eq",
"trust": 0.3,
"vendor": "elasticsearch",
"version": "5.3"
},
{
"model": "kibana",
"scope": "eq",
"trust": 0.3,
"vendor": "elasticsearch",
"version": "5.2"
},
{
"model": "kibana",
"scope": "eq",
"trust": 0.3,
"vendor": "elasticsearch",
"version": "5.1.2"
},
{
"model": "kibana",
"scope": "eq",
"trust": 0.3,
"vendor": "elasticsearch",
"version": "5.0"
},
{
"model": "kibana",
"scope": "ne",
"trust": 0.3,
"vendor": "elasticsearch",
"version": "6.4.3"
},
{
"model": "kibana",
"scope": "ne",
"trust": 0.3,
"vendor": "elasticsearch",
"version": "5.6.13"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-23907"
},
{
"db": "BID",
"id": "106285"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013160"
},
{
"db": "NVD",
"id": "CVE-2018-17246"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-285"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.6.13",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.4.3",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17246"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nethanel Coppenhagen from CyberArk Labs.",
"sources": [
{
"db": "BID",
"id": "106285"
}
],
"trust": 0.3
},
"cve": "CVE-2018-17246",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-17246",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2018-23907",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-17246",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-17246",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-23907",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-285",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2018-17246",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-23907"
},
{
"db": "VULMON",
"id": "CVE-2018-17246"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013160"
},
{
"db": "NVD",
"id": "CVE-2018-17246"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-285"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. Kibana Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ElasticsearchKibana (formerly known as elasticsearch-dashboard) is an open source, browser-based analytics and search Elasticsearch dashboard tool from Elasticsearch, the Netherlands. Console is one of the console plugins. Kibana is prone to a local file-include vulnerability. This may allow the attacker to compromise the application and the computer; other attacks are also possible. \nThe following versions of product are vulnerable:\nKibana 5.0 through 5.5.12 are vulnerable. \nKibana 6.0 through 6.4.2 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17246"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013160"
},
{
"db": "CNVD",
"id": "CNVD-2018-23907"
},
{
"db": "BID",
"id": "106285"
},
{
"db": "VULMON",
"id": "CVE-2018-17246"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-17246",
"trust": 3.4
},
{
"db": "BID",
"id": "106285",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013160",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-23907",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201811-285",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-17246",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-23907"
},
{
"db": "VULMON",
"id": "CVE-2018-17246"
},
{
"db": "BID",
"id": "106285"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013160"
},
{
"db": "NVD",
"id": "CVE-2018-17246"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-285"
}
]
},
"id": "VAR-201812-0360",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-23907"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-23907"
}
]
},
"last_update_date": "2023-12-18T13:33:40.019000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Elastic Stack 6.4.3 and 5.6.13 security update",
"trust": 0.8,
"url": "https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594"
},
{
"title": "ESA-2018-18",
"trust": 0.8,
"url": "https://www.elastic.co/community/security"
},
{
"title": "ElasticsearchKibanaConsole plugin command to execute the patch for the vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/145255"
},
{
"title": "Elasticsearch Kibana Console Fixes for plugin security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86721"
},
{
"title": "Red Hat: CVE-2018-17246",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-17246"
},
{
"title": "HTB_Ippsec_Notes",
"trust": 0.1,
"url": "https://github.com/rinkish/htb_ippsec_notes "
},
{
"title": "loophole",
"trust": 0.1,
"url": "https://github.com/zhengjim/loophole "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-23907"
},
{
"db": "VULMON",
"id": "CVE-2018-17246"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013160"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-285"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-829",
"trust": 1.0
},
{
"problemtype": "CWE-77",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013160"
},
{
"db": "NVD",
"id": "CVE-2018-17246"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/106285"
},
{
"trust": 1.9,
"url": "https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594"
},
{
"trust": 1.6,
"url": "https://access.redhat.com/errata/rhba-2018:3743"
},
{
"trust": 1.6,
"url": "https://www.elastic.co/community/security"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17246"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17246"
},
{
"trust": 0.3,
"url": "https://github.com/elastic/kibana/commit/0d3461c2c995e7ce5bb3e04ba5cecbc05a5386ab#diff-263cb6070b4e54ae3b4c343d14d0813br25"
},
{
"trust": 0.3,
"url": "https://github.com/elastic/kibana"
},
{
"trust": 0.3,
"url": "https://www.elastic.co/products/kibana"
},
{
"trust": 0.3,
"url": "https://www.elastic.co/blog/kibana-local-file-inclusion-flaw-cve-2018-17246"
},
{
"trust": 0.3,
"url": "https://www.elastic.co/downloads/kibana"
},
{
"trust": 0.3,
"url": "https://www.cyberark.com/threat-research-blog/execute-this-i-know-you-have-it/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-17246"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1647344"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-23907"
},
{
"db": "BID",
"id": "106285"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013160"
},
{
"db": "NVD",
"id": "CVE-2018-17246"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-285"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-23907"
},
{
"db": "VULMON",
"id": "CVE-2018-17246"
},
{
"db": "BID",
"id": "106285"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013160"
},
{
"db": "NVD",
"id": "CVE-2018-17246"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-285"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-23907"
},
{
"date": "2018-12-20T00:00:00",
"db": "VULMON",
"id": "CVE-2018-17246"
},
{
"date": "2018-12-20T00:00:00",
"db": "BID",
"id": "106285"
},
{
"date": "2019-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013160"
},
{
"date": "2018-12-20T22:29:00.367000",
"db": "NVD",
"id": "CVE-2018-17246"
},
{
"date": "2018-11-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-285"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-23907"
},
{
"date": "2020-08-14T00:00:00",
"db": "VULMON",
"id": "CVE-2018-17246"
},
{
"date": "2018-12-20T00:00:00",
"db": "BID",
"id": "106285"
},
{
"date": "2019-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013160"
},
{
"date": "2020-08-14T17:30:58.793000",
"db": "NVD",
"id": "CVE-2018-17246"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-285"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-285"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kibana Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013160"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-285"
}
],
"trust": 0.6
}
}