CVE-2020-7012

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-7012

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7012.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-7012

Published

2020-06-03T18:15:22.857Z

Modified

2026-02-19T01:40:50.980636Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system.

References

https://www.elastic.co/community/security/

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type: GIT
Repo: https://github.com/elastic/elasticsearch
Events: Introduced

8453f7701de25c467ce08088ddddac185cb8028c

Last affected

2f4c2240ecfc520baef4353a726f13fc59c12066

Introduced

b7e28a7232616c7a21bc879a535d801b8553ba77

Last affected

ef48eb35cf30adf4db14086e8aabd07ef6fb113f

Affected versions

v6.*

v6.7.0

v6.7.1

v6.7.2

v6.8.0

v6.8.1

v6.8.2

v6.8.3

v6.8.4

v6.8.5

v6.8.6

v6.8.7

v6.8.8

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7012.json"