CVE-2020-7013

MEDIUM

Description

Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system.

References

https://www.elastic.co/community/security/

Details

Source: MITRE

Published: 2020-06-03

Updated: 2020-06-26

Type: CWE-94

Risk Information

CVSS v2.0

Base Score: 6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 7.2

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.2

Severity: HIGH

Tenable Plugins

View all (3 total)

ID	Name	Product	Family	Severity
137723	Photon OS 3.0: Kibana PHSA-2020-3.0-0103	Nessus	PhotonOS Local Security Checks	medium
137713	Photon OS 2.0: Kibana PHSA-2020-2.0-0253	Nessus	PhotonOS Local Security Checks	medium
137639	Photon OS 1.0: Kibana PHSA-2020-1.0-0301	Nessus	PhotonOS Local Security Checks	medium