
Test ID: 1.3.6.1.4.1.25623.1.0.113455
Category: Web application abuses
Title: Elastic Kibana < 6.8.2, 7.x < 7.2.1 Multiple Vulnerabilities (ESA-2019-09, ESA-2019-10) (Linux)
Summary: Kibana is prone to multiple vulnerabilities.
Description:
Summary:
Kibana is prone to multiple vulnerabilities.

Vulnerability Insight:
The following vulnerabilities exist:

- A server-side request forgery (SSRF) flaw exists in the graphite integration for the Timelion visualizer.
An attacker with administrative Kibana access could set the timelion:graphite.url configuration
option to an arbitrary URL. (CVE-2019-7616)

- A prototype pollution flaw exists in lodash, a component used by Kibana. An attacker with access
to Kibana may be able to use this lodash flaw to unexpectedly modify internal Kibana data. (CVE-2019-10744)

Vulnerability Impact:
- CVE-2019-7616: This could possibly lead to an attacker accessing external
URL resources as the Kibana process on the host system. Successful exploitation would allow an attacker to
read sensitive information.

- CVE-2019-10744: Prototype pollution can be leveraged to carry out a cross-site scripting (XSS), denial of service
(DoS), or remote code execution attack against Kibana.

Affected Software/OS:
Kibana through version 6.8.1 and version 7.0.0 through 7.2.0.

Solution:
Update to version 6.8.2 or 7.2.1 respectively.

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2019-7616
https://www.elastic.co/community/security/
Copyright: Copyright (C) 2019 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.