Multiple vulnerabilities in Kibana
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2018-17246 CVE-2018-17244 CVE-2018-17245 |
| CWE-ID | CWE-77 CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Kibana Web applications / Other software |
| Vendor | Elastic Stack |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) File inclusion
EUVDB-ID: #VU16603
Risk: Medium
CVSSv3.1: 8.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-17246
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to execute arbitrary commands on the target system.
The weakness exists due to an arbitrary file inclusion flaw in the Console plugin. An adjacent attacker with access to the Kibana Console API can send a specially crafted request and execute arbitrary commands with permissions of the Kibana process to execute javascript code on the host system.
Successful exploitation of the vulnerability may result in system compromise.
The vulnerability has been fixed in the versions 6.4.3 and 5.6.13.
Vulnerable software versionsKibana: 5.0.0 - 6.4.2
External linkshttp://www.cyberark.com/threat-research-blog/execute-this-i-know-you-have-it/
http://www.elastic.co/community/security
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU16834
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-17244
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an error when request headers are applied to requests using Active Directory, LDAP, Native, or File realms. A remote attacker can obtain potentially sensitive information if the same username is being authenticated concurrently; when used with run as, this can result in the request running as the incorrect user.
The vulnerability has been fixed in the versions 6.4.3 and 5.6.13.
Vulnerable software versionsKibana: 4.0 - 6.4.2
External linkshttp://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU16833
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-17245
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to a flaw when authorization credentials are used for generating PDF reports, Native, or File realms. A remote attacker can obtain potentially sensitive information if a report requests external resources plaintext credentials are included in the HTTP request that can be recovered by an external resource provider.
The vulnerability has been fixed in the versions 6.4.3 and 5.6.13.
Vulnerable software versionsKibana: 4.0 - 6.4.2
External linkshttp://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
