CVE-2018-17246

Published: 20/12/2018 Updated: 14/08/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Kibana versions prior to 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.

Vulnerable Product

elastic kibana

redhat openshift container platform 3.11

Vendor Advisories

Kibana, before 6.4.3 and 5.6.13, contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system ...

Github Repositories

CVE-2018-17246 - Kibana LFI < 6.4.3 & 5.6.13

A Local File Inclusion on Kibana found by CyberArk Labs, the LFI can be used to execute a reverse shell on the Kibana server with the following payload: /api/console/api_server?sense_version=@@SENSE_VERSION&apis=//////////path/to/shelljs As you alread

HTB_Ippsec_Note HayStack Machine - 101010115 nmap -sC -sV -oA nmap/haystack 101010115 Navigate to 101010115 --> Simple Photo Let's check robots.txt Navigate to 101010115/robots.txt --> 404 not Found Save the image and run tools like exiftool etc root@kali: exiftool ~/Downloads/needle.jpg --> File Modification Date --Today Sometimes Downloading f

ElasticSearch exploit and Pentesting guide for penetration tester

What is an Elasticsearch index? An Elasticsearch index is a collection of documents that are related to each other. Elasticsearch stores data as JSON documents. Brute Force Credentials: hydra -L usernames.txt -P passwords.txt <target-ip> -s 9200 http-get /

FoodCyberSec <3

We ❤️ FoodCyberSec 1 Dev Machine SQL Injection Broken Authentication Session Management Broken Access Control Fail Authorization System Security Misconfiguration PHP allows dangerous function 2 Cry Cry Cry Samba EternalBlue on Linux Broken Access Control 3 Query1 SQL Injection parameter is not validated Security Misconfiguration Unchecked uploaded f