CVE-2019-7610

kibana: Audit logging Remote Code Execution issue

Severity Score

9.0

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.

Kibana anterior a versión 6.6.1, contienen un fallo de ejecución de código arbitrario en el registrador de auditoría de seguridad. Si una instancia de Kibana presenta la configuración xpack.security.audit.enabled establecida en true, un atacante podría enviar una petición que intente ejecutar código javascript. Esto podría conllevar a un atacante a ejecutar comandos arbitrarios con permisos del proceso kibana en el sistema host.

An arbitrary code execution flaw was found in Kibana in versions prior to 5.6.15 and 6.6.1. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-02-07 CVE Reserved
2019-03-25 CVE Published
2024-03-18 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-94: Improper Control of Generation of Code ('Code Injection')

CAPEC

References (6)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/errata/RHBA-2019:2824	2019-07-30
https://access.redhat.com/errata/RHSA-2019:2860	2019-07-30
https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077	2019-07-30
https://www.elastic.co/community/security	2019-07-30
https://access.redhat.com/security/cve/CVE-2019-7610	2019-09-30
https://bugzilla.redhat.com/show_bug.cgi?id=1696032	2019-09-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Elastic Search vendor "Elastic"		Kibana Search vendor "Elastic" for product "Kibana"				< 5.6.15 Search vendor "Elastic" for product "Kibana" and version " < 5.6.15"		-		Affected
Elastic Search vendor "Elastic"		Kibana Search vendor "Elastic" for product "Kibana"				>= 6.0.0 < 6.6.1 Search vendor "Elastic" for product "Kibana" and version " >= 6.0.0 < 6.6.1"		-		Affected