CVE-2019-7610 log
Source |
|
Severity | High |
Remote | Yes |
Type | Arbitrary code execution |
Description | Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-911 | kibana | 6.6.0-2 | 6.6.1-1 | High | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
25 Feb 2019 | ASA-201902-26 | AVG-911 | kibana | High | multiple issues |
References |
---|
https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077 |