CVE-2019-7610

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-7610

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-7610.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-7610

Downstream

RHSA-2019:2860

Published

2019-03-25T19:29:02.197Z

Modified

2026-02-12T00:34:12.470462Z

Severity

9.0 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.

References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type: GIT
Repo: https://github.com/elastic/elasticsearch
Events: Introduced

8f0685b924b9159807704ec2593b26e28105da44

Fixed

1fd8f691bf2e467057b864eea9103a6e3345af3e

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-7610.json"

Git / github.com/elastic/kibana

Affected ranges

Type: GIT
Repo: https://github.com/elastic/kibana
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e4f1e8f824c4cdc70bfa09a5ec734d7108366456

Introduced

f8bc449f5a6b28d0597730b1cf03fefe7e33422e

Fixed

c0c81857d435f499ec2514d9a4823e3dc87021bd

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-7610.json"