
Test ID: 1.3.6.1.4.1.25623.1.0.113455
Category: Web application abuses
Title: Elastic Kibana < 6.8.2, 7.x < 7.2.1 Multiple Vulnerabilities (ESA-2019-09, ESA-2019-10) (Linux)
Summary: Kibana is prone to multiple vulnerabilities.
Description: Summary:
Kibana is prone to multiple vulnerabilities.

Vulnerability Insight:
The following vulnerabilities exist:

- A server-side request forgery (SSRF) flaw exists in the Graphite integration for the Timelion visualizer.
An attacker with administrative Kibana access could set the timelion:graphite.url configuration
option to an arbitrary URL. (CVE-2019-7616)

- A prototype pollution flaw exists in lodash, a component used by Kibana. An attacker with access
to Kibana may be able to use this lodash flaw to unexpectedly modify internal Kibana data. (CVE-2019-10744)

Vulnerability Impact:
- CVE-2019-7616: This could possibly lead to an attacker accessing external
URL resources as the Kibana process on the host system. Successful exploitation would allow an attacker to
read sensitive information.

- CVE-2019-10744: Prototype pollution can be leveraged to carry out a cross-site scripting (XSS), denial of service
(DoS), or remote code execution attack against Kibana.

Affected Software/OS:
Kibana through version 6.8.1 and version 7.0.0 through 7.2.0.

Solution:
Update to version 6.8.2 or 7.2.1 respectively.

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:P

Cross reference: Common Vulnerability Exposure (CVE) ID: CVE-2019-7616
https://www.elastic.co/community/security/
Copyright: Copyright (C) 2019 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.