First published: Mon Mar 25 2019
Kibana contains an arbitrary code execution flaw in the Timelion visualizer.
Credit: bressers@elastic.co
Affected Software | Affected Version | How to fix |
---|---|---|
Elastic Kibana | <5.6.15 | |
Elastic Kibana | >=6.0.0<6.6.1 | |
Redhat Openshift Container Platform | =3.11 | |
Redhat Openshift Container Platform | =4.1 | |
redhat/kibana | <5.6.15 | 5.6.15 |
redhat/kibana | <6.6.1 | 6.6.1 |
CVE-2019-7609 is a vulnerability that exists in Kibana versions before 5.6.15 and 6.6.1, allowing an attacker to execute arbitrary code.
Kibana versions before 5.6.15 and 6.6.1 are affected by CVE-2019-7609.
CVE-2019-7609 has a severity level of critical.
An attacker with access to the Timelion application in Kibana could send a request to execute JavaScript code.
To mitigate the vulnerability, update your Kibana installation to version 5.6.15 or above for Kibana 5.x, or version 6.6.1 or above for Kibana 6.x.
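
To find which instances still need the update described above, the following added example (not part of the original advisory) checks reported Kibana version strings against the affected ranges in the table. The host names and inventory are constructed, and ignoring pre-release suffixes such as `-SNAPSHOT` is an assumption of this sketch.

```python
import re

# Affected ranges from the table above: (inclusive lower, exclusive upper).
AFFECTED_RANGES = [
    ((0, 0, 0), (5, 6, 15)),   # < 5.6.15
    ((6, 0, 0), (6, 6, 1)),    # >= 6.0.0, < 6.6.1
]

# Assumption: a suffix after x.y.z (e.g. "-SNAPSHOT") is ignored for comparison.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def parse_version(text):
    """Return (major, minor, patch) or None if the string is not x.y.z."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def is_affected(version_text):
    """True/False for a parseable version, None when it needs manual review."""
    version = parse_version(version_text)
    if version is None:
        return None
    # Tuples compare numerically, so 5.6.9 sorts below 5.6.15 as intended.
    return any(low <= version < high for low, high in AFFECTED_RANGES)


def triage(inventory):
    """Split {host: version} into affected, fixed and unknown host lists."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for host, version_text in sorted(inventory.items()):
        verdict = is_affected(version_text)
        key = "unknown" if verdict is None else ("affected" if verdict else "fixed")
        result[key].append(host)
    return result


# Constructed inventory with hypothetical host names.
SAMPLE_INVENTORY = {
    "kibana-a": "5.6.14", "kibana-b": "5.6.15",
    "kibana-c": "6.5.4", "kibana-d": "6.6.1",
    "kibana-e": "5.6.9", "kibana-f": "6.6.0-SNAPSHOT",
    "kibana-g": "latest",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown carry a version string the check could not parse and should be verified by hand rather than assumed fixed.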