Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-7013 Vulnerability in npm package kibana

Description

Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system.

Remediation

References

https://www.elastic.co/community/security/

Related Vulnerabilities

CVE-2015-0279 Vulnerability in maven package org.richfaces:richfaces-a4j

CVE-2011-5064 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2021-21172 Vulnerability in maven package org.webjars.npm:electron

CVE-2023-35887 Vulnerability in maven package org.apache.sshd:sshd-sftp

CVE-2022-36882 Vulnerability in maven package org.jenkins-ci.plugins:git

Severity

High

Classification

CWE-94 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory