CVE-2019-7610 log
| Source |
|
| Severity | High |
| Remote | Yes |
| Type | Arbitrary code execution |
| Description | Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-911 | kibana | 6.6.0-2 | 6.6.1-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 25 Feb 2019 | ASA-201902-26 | AVG-911 | kibana | High | multiple issues |
| References |
|---|
https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077 |