CVE-2019-7618: Path Traversal
First published: Tue Oct 01 2019(Updated: )
A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user.
Credit: bressers@elastic.co
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Elastic Kibana | =7.3.0 | |
| Elastic Kibana | =7.3.1 | |
| Elastic Kibana | =7.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-7618?
CVE-2019-7618 is a local file disclosure flaw found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2.
How does CVE-2019-7618 work?
If a malicious code repository is imported into Code, it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user.
Which versions of Elastic Code are affected by CVE-2019-7618?
Elastic Code versions 7.3.0, 7.3.1, and 7.3.2 are affected by CVE-2019-7618.
What is the severity of CVE-2019-7618?
CVE-2019-7618 has a severity rating of 6.5 (medium).
How can I fix CVE-2019-7618?
To fix CVE-2019-7618, it is recommended to update Elastic Code to a version that is not affected by the vulnerability.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/elastic
- canonical/elastic kibana
- version/elastic kibana/7.3.0
- version/elastic kibana/7.3.1
- version/elastic kibana/7.3.2