CVE-2018-17246

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-17246
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17246.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-17246
Related
Published
2018-12-20T22:29:00Z
Modified
2024-09-02T23:31:17Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.

References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type
GIT
Repo
https://github.com/elastic/elasticsearch
Events
Introduced
8f0685b924b9159807704ec2593b26e28105da44
Fixed
fe40335c1e4fa7db9e38001fa99d19526f3bc5ce
Type
GIT
Repo
https://github.com/elastic/kibana
Events
Introduced
f8bc449f5a6b28d0597730b1cf03fefe7e33422e
Fixed
968768f01f873fec244749abc3c6e939d0e3eda0