Main Vulnerability Database Vulnerabilities #VU35199

Incorrect permission assignment for critical resource in Kibana - CVE-2019-7618

Published: October 1, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35199

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-7618

CWE-ID: CWE-732

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Elastic Stack

Affected software:
Kibana

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user.

How to mitigate CVE-2019-7618

Install update from vendor's website.

Incorrect permission assignment for critical resource in Kibana - CVE-2019-7618

Detailed vulnerability description

How to mitigate CVE-2019-7618

Sources

Please verify you're human