CVE-2020-7012
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system.
Kibana versiones 6.7.0 hasta 6.8.8 y 7.0.0 hasta 7.6.2, contienen un fallo contaminación de prototipo en el Upgrade Assistant. Un atacante autenticado con privilegios para escribir en el índice de Kibana podría insertar datos que harían que Kibana ejecutara código arbitrario. Esto podría conllevar posiblemente a que un atacante ejecute código con los permisos del proceso de Kibana en el sistema host.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-01-14 CVE Reserved
- 2020-06-03 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.elastic.co/community/security | 2020-08-14 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Elastic Search vendor "Elastic" | Kibana Search vendor "Elastic" for product "Kibana" | >= 6.7.0 <= 6.8.8 Search vendor "Elastic" for product "Kibana" and version " >= 6.7.0 <= 6.8.8" | - |
Affected
| ||||||
Elastic Search vendor "Elastic" | Kibana Search vendor "Elastic" for product "Kibana" | >= 7.0.0 <= 7.6.2 Search vendor "Elastic" for product "Kibana" and version " >= 7.0.0 <= 7.6.2" | - |
Affected
|