EIQ-2019-0012#
ID |
EIQ-2019-0012 |
|---|---|
CVE |
|
Description |
Kibana Timelion visualizer could allow arbitrary code execution |
Date |
12 Mar 2019 |
Severity |
3 - HIGH |
CVSSv3 score |
CVSSv3 score not available on NIST NVD. |
Status |
✅ 2.3.4 |
Assessment |
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. If an attacker gains access to the Timelion application, they could send a request to attempt and execute JavaScript code. This could lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. |
Mitigation |
Upgrade to Kibana 5.6.15 or 6.6.1. |
Affected versions |
2.3.3 and earlier. |
Notes |
It is possible to disable Timelion by setting |