Elastic Kibana 6.7.0 < 6.8.9, 7.x <= 7.6.2 Prototype Pollution Vulnerability (Windows) CVE-2020-7012

Severity
CVSSv3 Score: 8.8
Vulnerability description

Kibana is prone to a prototype pollution vulnerability in the Upgrade Assistant.

Risk description

An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system.

Recommendation

Update to version 6.8.9, 7.7.0 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Jun 3, 2020
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available