CVE-2019-7618

Source
https://cve.org/CVERecord?id=CVE-2019-7618
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-7618.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-7618
Published
2019-10-01T18:15:13.987Z
Modified
2026-07-08T16:08:30.668348Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user.

References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type
GIT
Repo
https://github.com/elastic/elasticsearch
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:elastic:kibana:7.3.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:kibana:7.3.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:kibana:7.3.2:*:*:*:*:*:*:*"
    ],
    "source": "CPE_STRING",
    "extracted_events": [
        {
            "introduced": "7.3.0"
        },
        {
            "last_affected": "7.3.0"
        },
        {
            "introduced": "7.3.1"
        },
        {
            "last_affected": "7.3.1"
        },
        {
            "introduced": "7.3.2"
        },
        {
            "last_affected": "7.3.2"
        }
    ]
}

Affected versions

7.*
7.3.0
7.3.1
7.3.2
v7.*
v7.3.0
v7.3.1
v7.3.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-7618.json"

Git / github.com/elastic/kibana

Affected ranges

Type
GIT
Repo
https://github.com/elastic/kibana
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:elastic:kibana:7.3.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:kibana:7.3.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:kibana:7.3.2:*:*:*:*:*:*:*"
    ],
    "source": "CPE_STRING",
    "extracted_events": [
        {
            "introduced": "7.3.0"
        },
        {
            "last_affected": "7.3.0"
        },
        {
            "introduced": "7.3.1"
        },
        {
            "last_affected": "7.3.1"
        },
        {
            "introduced": "7.3.2"
        },
        {
            "last_affected": "7.3.2"
        }
    ]
}

Affected versions

7.*
7.3.0
7.3.1
7.3.2
v7.*
v7.3.0
v7.3.1
v7.3.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-7618.json"