High Nessus Plugin ID 118798
Synopsis
The remote web server hosts a Java application that is vulnerable.
Description
Nethanel Coppenhagen of CyberArk Labs discovered Kibana versions
before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in
the Console plugin. An attacker with access to the Kibana Console API
This could possibly lead to an attacker executing arbitrary commands
with permissions of the Kibana process on the host system.
Solution
Users should upgrade to Elastic Stack version 6.4.3 or 5.6.13. Users
unable to upgrade can disable the Kibana Console plugin. The Console
plugin can be disabled by setting console.enabled: false in the