ID:9308 - Exploit for Code Injection in Kibana - CVE-2019-7609

 

Published: September 8, 2023


Vulnerability identifier: #VU18085
Vulnerability risk: Medium
CVE-ID: CVE-2019-7609
CWE-ID: CWE-94
Exploitation vector: Remote access
Vulnerable software: Kibana


Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in the Timelion visualizer. A remote attacker with access to the Timelion application can send a specially crafted request and execute arbitrary JavaScript code on the target system with the privileges of the Kibana process on the host system.


Remediation

Install updates from the vendor's website.