Elastic Kibana 5.0 <= 5.6.12 / 6.0 <= 6.4.2 Arbitrary File Inclusion Vulnerability (Windows) CVE-2018-17246

Severity

CVSSv3 Score: 9.8

Vulnerability description

Kibana is prone to an arbitrary file inclusion flaw.

Risk description

The flaw exists within the Console plugin of the application. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript code. This could possibly lead to an attacker executing arbitrary commands with the permissions of the Kibana process on the host system.

Recommendation

Update to version 5.6.13 or 6.4.3 respectively.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Dec 20, 2018
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available