Test ID: | 1.3.6.1.4.1.25623.1.0.113455 |
Category: | Web application abuses |
Title: | Elastic Kibana < 6.8.2, 7.x < 7.2.1 Multiple Vulnerabilities (ESA-2019-09, ESA-2019-10) (Linux) |
Summary: | Kibana is prone to multiple vulnerabilities. |
Description:

Summary: Kibana is prone to multiple vulnerabilities.

Vulnerability Insight: The following vulnerabilities exist:

- A server-side request forgery (SSRF) flaw in the graphite integration for the Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite.url configuration option to an arbitrary URL. (CVE-2019-7616)
- A prototype pollution flaw exists in lodash, a component used by Kibana. An attacker with access to Kibana may be able to use this lodash flaw to unexpectedly modify internal Kibana data. (CVE-2019-10744)

Vulnerability Impact:

- CVE-2019-7616: This could possibly lead to an attacker accessing external URL resources as the Kibana process on the host system. Successful exploitation would allow an attacker to read sensitive information.
- CVE-2019-10744: Prototype pollution can be leveraged to carry out a cross-site scripting (XSS), denial of service (DoS), or remote code execution attack against Kibana.

Affected Software/OS: Kibana through version 6.8.1 and version 7.0.0 through 7.2.0.

Solution: Update to version 6.8.2 or 7.2.1 respectively.

CVSS Score: 6.4

CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-7616 https://www.elastic.co/community/security/ |
Copyright | Copyright (C) 2019 Greenbone Networks GmbH |