CVE-2019-7609

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-7609

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-7609.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-7609

Downstream

RHSA-2019:2860

Published

2019-03-25T19:29:02.147Z

Modified

2026-01-12T03:39:01.995292Z

Severity

10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.

References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type: GIT
Repo: https://github.com/elastic/elasticsearch
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

fe7575a32e23e15e0a77677dc1a180206554228b

Affected versions

v0.*

v0.10.0

v0.11.0

v0.12.0

v0.13.0

v0.14.0

v0.15.0

v0.16.0

v0.17.0

v0.18.0

v0.19.0

v0.19.0.RC1

v0.19.0.RC2

v0.19.0.RC3

v0.20.0.RC1

v0.4.0

v0.5.0

v0.5.1

v0.6.0

v0.7.0

v0.7.1

v0.8.0

v0.9.0

v0.90.0

v0.90.0.Beta1

v0.90.0.RC1

v0.90.0.RC2

v1.*

v1.0.0.Beta1

v1.0.0.Beta2

v1.0.0.RC1

v5.*

v5.0.0-alpha1

v5.0.0-alpha2

v5.0.0-alpha3

v5.0.0-alpha4

v5.0.0-alpha5

v5.6.0

v5.6.1

v5.6.10

v5.6.11

v5.6.12

v5.6.13

v5.6.14

v5.6.2

v5.6.3

v5.6.4

v5.6.5

v5.6.6

v5.6.7

v5.6.8

v5.6.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-7609.json"

Git / github.com/elastic/kibana