Search

Find a vulnerability

Search criteria

    7 vulnerabilities found for kibana by elasticsearch

    VAR-201812-0360

    Vulnerability from variot - Updated: 2024-11-23 21:52

    Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. Kibana Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ElasticsearchKibana (formerly known as elasticsearch-dashboard) is an open source, browser-based analytics and search Elasticsearch dashboard tool from Elasticsearch, the Netherlands. Console is one of the console plugins. Kibana is prone to a local file-include vulnerability. This may allow the attacker to compromise the application and the computer; other attacks are also possible. The following versions of product are vulnerable: Kibana 5.0 through 5.5.12 are vulnerable. Kibana 6.0 through 6.4.2 are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0360",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "kibana",
            "scope": "lt",
            "trust": 1.4,
            "vendor": "elasticsearch",
            "version": "6.4.3"
          },
          {
            "model": "kibana",
            "scope": "lt",
            "trust": 1.4,
            "vendor": "elasticsearch",
            "version": "5.6.13"
          },
          {
            "model": "kibana",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "elastic",
            "version": "6.0.0"
          },
          {
            "model": "openshift container platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "3.11"
          },
          {
            "model": "kibana",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "elastic",
            "version": "5.0.0"
          },
          {
            "model": "kibana",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "elastic",
            "version": "5.6.13"
          },
          {
            "model": "kibana",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "elastic",
            "version": "6.4.3"
          },
          {
            "model": "kibana",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "elasticsearch",
            "version": "5.6.4"
          },
          {
            "model": "kibana",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elasticsearch",
            "version": "6.0.0"
          },
          {
            "model": "kibana",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elasticsearch",
            "version": "6.0.1"
          },
          {
            "model": "kibana",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elasticsearch",
            "version": "6.1.0"
          },
          {
            "model": "kibana",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "elasticsearch",
            "version": "6.4.2"
          },
          {
            "model": "kibana",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "elasticsearch",
            "version": "6.4"
          },
          {
            "model": "kibana",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "elasticsearch",
            "version": "6.3"
          },
          {
            "model": "kibana",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "elasticsearch",
            "version": "6.2"
          },
          {
            "model": "kibana",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "elasticsearch",
            "version": "6.1.2"
          },
          {
            "model": "kibana",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "elasticsearch",
            "version": "6.1.1"
          },
          {
            "model": "kibana",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "elasticsearch",
            "version": "6.1"
          },
          {
            "model": "kibana",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "elasticsearch",
            "version": "6.0"
          },
          {
            "model": "kibana",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "elasticsearch",
            "version": "5.6.12"
          },
          {
            "model": "kibana",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "elasticsearch",
            "version": "5.6.6"
          },
          {
            "model": "kibana",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "elasticsearch",
            "version": "5.6.5"
          },
          {
            "model": "kibana",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "elasticsearch",
            "version": "5.6.3"
          },
          {
            "model": "kibana",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "elasticsearch",
            "version": "5.6.2"
          },
          {
            "model": "kibana",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "elasticsearch",
            "version": "5.6.1"
          },
          {
            "model": "kibana",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "elasticsearch",
            "version": "5.6"
          },
          {
            "model": "kibana",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "elasticsearch",
            "version": "5.5"
          },
          {
            "model": "kibana",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "elasticsearch",
            "version": "5.4"
          },
          {
            "model": "kibana",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "elasticsearch",
            "version": "5.3"
          },
          {
            "model": "kibana",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "elasticsearch",
            "version": "5.2"
          },
          {
            "model": "kibana",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "elasticsearch",
            "version": "5.1.2"
          },
          {
            "model": "kibana",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "elasticsearch",
            "version": "5.0"
          },
          {
            "model": "kibana",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "elasticsearch",
            "version": "6.4.3"
          },
          {
            "model": "kibana",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "elasticsearch",
            "version": "5.6.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-23907"
          },
          {
            "db": "BID",
            "id": "106285"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013160"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-285"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17246"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:elasticsearch:kibana",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013160"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Nethanel Coppenhagen from CyberArk Labs.",
        "sources": [
          {
            "db": "BID",
            "id": "106285"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-17246",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-17246",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2018-23907",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-17246",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-17246",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-17246",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-23907",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-285",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-17246",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-23907"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-17246"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013160"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-285"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17246"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. Kibana Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ElasticsearchKibana (formerly known as elasticsearch-dashboard) is an open source, browser-based analytics and search Elasticsearch dashboard tool from Elasticsearch, the Netherlands. Console is one of the console plugins. Kibana is prone to a local file-include vulnerability. This may allow the attacker to compromise the application and the computer; other attacks are also possible. \nThe following versions of product are vulnerable:\nKibana 5.0 through 5.5.12 are vulnerable. \nKibana 6.0 through 6.4.2 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-17246"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013160"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-23907"
          },
          {
            "db": "BID",
            "id": "106285"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-17246"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-17246",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "106285",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013160",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-23907",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-285",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-17246",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-23907"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-17246"
          },
          {
            "db": "BID",
            "id": "106285"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013160"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-285"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17246"
          }
        ]
      },
      "id": "VAR-201812-0360",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-23907"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-23907"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:52:37.999000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Elastic Stack 6.4.3 and 5.6.13 security update",
            "trust": 0.8,
            "url": "https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594"
          },
          {
            "title": "ESA-2018-18",
            "trust": 0.8,
            "url": "https://www.elastic.co/community/security"
          },
          {
            "title": "ElasticsearchKibanaConsole plugin command to execute the patch for the vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/145255"
          },
          {
            "title": "Elasticsearch Kibana Console Fixes for plugin security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86721"
          },
          {
            "title": "Red Hat: CVE-2018-17246",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2018-17246"
          },
          {
            "title": "HTB_Ippsec_Notes",
            "trust": 0.1,
            "url": "https://github.com/Rinkish/HTB_Ippsec_Notes "
          },
          {
            "title": "loophole",
            "trust": 0.1,
            "url": "https://github.com/zhengjim/loophole "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-23907"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-17246"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013160"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-285"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-73",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-829",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-77",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013160"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17246"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "http://www.securityfocus.com/bid/106285"
          },
          {
            "trust": 1.9,
            "url": "https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594"
          },
          {
            "trust": 1.6,
            "url": "https://access.redhat.com/errata/rhba-2018:3743"
          },
          {
            "trust": 1.6,
            "url": "https://www.elastic.co/community/security"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17246"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17246"
          },
          {
            "trust": 0.3,
            "url": "https://github.com/elastic/kibana/commit/0d3461c2c995e7ce5bb3e04ba5cecbc05a5386ab#diff-263cb6070b4e54ae3b4c343d14d0813br25"
          },
          {
            "trust": 0.3,
            "url": "https://github.com/elastic/kibana"
          },
          {
            "trust": 0.3,
            "url": "https://www.elastic.co/products/kibana"
          },
          {
            "trust": 0.3,
            "url": "https://www.elastic.co/blog/kibana-local-file-inclusion-flaw-cve-2018-17246"
          },
          {
            "trust": 0.3,
            "url": "https://www.elastic.co/downloads/kibana"
          },
          {
            "trust": 0.3,
            "url": "https://www.cyberark.com/threat-research-blog/execute-this-i-know-you-have-it/"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-17246"
          },
          {
            "trust": 0.3,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1647344"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-23907"
          },
          {
            "db": "BID",
            "id": "106285"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013160"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-285"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17246"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-23907"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-17246"
          },
          {
            "db": "BID",
            "id": "106285"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013160"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-285"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17246"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-23907"
          },
          {
            "date": "2018-12-20T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-17246"
          },
          {
            "date": "2018-12-20T00:00:00",
            "db": "BID",
            "id": "106285"
          },
          {
            "date": "2019-02-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-013160"
          },
          {
            "date": "2018-11-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-285"
          },
          {
            "date": "2018-12-20T22:29:00.367000",
            "db": "NVD",
            "id": "CVE-2018-17246"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-23907"
          },
          {
            "date": "2020-08-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-17246"
          },
          {
            "date": "2018-12-20T00:00:00",
            "db": "BID",
            "id": "106285"
          },
          {
            "date": "2019-02-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-013160"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-285"
          },
          {
            "date": "2024-11-21T03:54:09.280000",
            "db": "NVD",
            "id": "CVE-2018-17246"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-285"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Kibana Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013160"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-285"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2020-7017 (GCVE-0-2020-7017)

    Vulnerability from nvd – Published: 2020-07-27 18:00 – Updated: 2024-08-04 09:18
    VLAI
    Summary
    In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Elastic Kibana Affected: before 6.8.11 and 7.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:18:02.514Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.elastic.co/community/security/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kibana",
              "vendor": "Elastic",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 6.8.11 and 7.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-20T22:55:26.000Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.elastic.co/community/security/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@elastic.co",
              "ID": "CVE-2020-7017",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Kibana",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 6.8.11 and 7.8.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Elastic"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.elastic.co/community/security/",
                  "refsource": "MISC",
                  "url": "https://www.elastic.co/community/security/"
                },
                {
                  "name": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786",
                  "refsource": "MISC",
                  "url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2020-7017",
        "datePublished": "2020-07-27T18:00:15.000Z",
        "dateReserved": "2020-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:18:02.514Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7016 (GCVE-0-2020-7016)

    Vulnerability from nvd – Published: 2020-07-27 18:00 – Updated: 2024-08-04 09:18
    VLAI
    Summary
    Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.
    Severity
    No CVSS data available.
    CWE
    • CWE-185 - Incorrect Regular Expression
    Assigner
    Impacted products
    Vendor Product Version
    Elastic Kibana Affected: before 6.8.11 and 7.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:18:03.007Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.elastic.co/community/security/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kibana",
              "vendor": "Elastic",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 6.8.11 and 7.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-185",
                  "description": "CWE-185: Incorrect Regular Expression",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-20T22:55:24.000Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.elastic.co/community/security/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@elastic.co",
              "ID": "CVE-2020-7016",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Kibana",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 6.8.11 and 7.8.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Elastic"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-185: Incorrect Regular Expression"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.elastic.co/community/security/",
                  "refsource": "MISC",
                  "url": "https://www.elastic.co/community/security/"
                },
                {
                  "name": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786",
                  "refsource": "MISC",
                  "url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2020-7016",
        "datePublished": "2020-07-27T18:00:15.000Z",
        "dateReserved": "2020-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:18:03.007Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11479 (GCVE-0-2017-11479)

    Vulnerability from nvd – Published: 2017-09-28 19:00 – Updated: 2024-08-05 18:12
    VLAI
    Summary
    Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2017-09-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:12:39.828Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884"
              },
              {
                "name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
              },
              {
                "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-09-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-29T23:06:18.000Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884"
            },
            {
              "name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
            },
            {
              "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@elastic.co",
              "ID": "CVE-2017-11479",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884",
                  "refsource": "MISC",
                  "url": "https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884"
                },
                {
                  "name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
                },
                {
                  "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2017-11479",
        "datePublished": "2017-09-28T19:00:00.000Z",
        "dateReserved": "2017-07-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T18:12:39.828Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7017 (GCVE-0-2020-7017)

    Vulnerability from cvelistv5 – Published: 2020-07-27 18:00 – Updated: 2024-08-04 09:18
    VLAI
    Summary
    In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Elastic Kibana Affected: before 6.8.11 and 7.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:18:02.514Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.elastic.co/community/security/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kibana",
              "vendor": "Elastic",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 6.8.11 and 7.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-20T22:55:26.000Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.elastic.co/community/security/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@elastic.co",
              "ID": "CVE-2020-7017",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Kibana",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 6.8.11 and 7.8.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Elastic"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.elastic.co/community/security/",
                  "refsource": "MISC",
                  "url": "https://www.elastic.co/community/security/"
                },
                {
                  "name": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786",
                  "refsource": "MISC",
                  "url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2020-7017",
        "datePublished": "2020-07-27T18:00:15.000Z",
        "dateReserved": "2020-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:18:02.514Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7016 (GCVE-0-2020-7016)

    Vulnerability from cvelistv5 – Published: 2020-07-27 18:00 – Updated: 2024-08-04 09:18
    VLAI
    Summary
    Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.
    Severity
    No CVSS data available.
    CWE
    • CWE-185 - Incorrect Regular Expression
    Assigner
    Impacted products
    Vendor Product Version
    Elastic Kibana Affected: before 6.8.11 and 7.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:18:03.007Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.elastic.co/community/security/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kibana",
              "vendor": "Elastic",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 6.8.11 and 7.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-185",
                  "description": "CWE-185: Incorrect Regular Expression",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-20T22:55:24.000Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.elastic.co/community/security/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@elastic.co",
              "ID": "CVE-2020-7016",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Kibana",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 6.8.11 and 7.8.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Elastic"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-185: Incorrect Regular Expression"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.elastic.co/community/security/",
                  "refsource": "MISC",
                  "url": "https://www.elastic.co/community/security/"
                },
                {
                  "name": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786",
                  "refsource": "MISC",
                  "url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
                },
                {
                  "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2020-7016",
        "datePublished": "2020-07-27T18:00:15.000Z",
        "dateReserved": "2020-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:18:03.007Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11479 (GCVE-0-2017-11479)

    Vulnerability from cvelistv5 – Published: 2017-09-28 19:00 – Updated: 2024-08-05 18:12
    VLAI
    Summary
    Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2017-09-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:12:39.828Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884"
              },
              {
                "name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
              },
              {
                "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-09-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-29T23:06:18.000Z",
            "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
            "shortName": "elastic"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884"
            },
            {
              "name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
            },
            {
              "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@elastic.co",
              "ID": "CVE-2017-11479",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884",
                  "refsource": "MISC",
                  "url": "https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884"
                },
                {
                  "name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
                },
                {
                  "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
        "assignerShortName": "elastic",
        "cveId": "CVE-2017-11479",
        "datePublished": "2017-09-28T19:00:00.000Z",
        "dateReserved": "2017-07-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T18:12:39.828Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }