
Elastic Kibana < 6.8.2, 7.x < 7.2.1 Multiple Vulnerabilities (ESA-2019-09, ESA-2019-10) - Windows (CVE-2019-7616, CVE-2019-10744)

CVSSv3 Score
Vulnerability description

Kibana is prone to multiple vulnerabilities.

Risk description

The following vulnerabilities exist:

- A server-side request forgery (SSRF) flaw in the Graphite integration for the Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite.url configuration option to an arbitrary URL. (CVE-2019-7616)
- A prototype pollution flaw exists in lodash, a component used by Kibana. An attacker with access to Kibana may be able to use this lodash flaw to unexpectedly modify internal Kibana data. (CVE-2019-10744)
- CVE-2019-7616: This could possibly lead to an attacker accessing external URL resources as the Kibana process on the host system. Successful exploitation would allow an attacker to read sensitive information.
- CVE-2019-10744: Prototype pollution can be leveraged to execute a cross-site scripting (XSS), denial of service (DoS), or remote code execution attack against Kibana.


Update to version 6.8.2 or 7.2.1 respectively.

Not available
Detectable with
Network Scanner
Scan engine
Exploitable with Sniper
CVE Published
Jul 26, 2019
Detection added at
Software Type
Not available
Not available
Not available