Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-7618

A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user.

Published

2019-10-01T18:15:13.987

Last Modified

2024-11-21T04:48:24.797

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-538
Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	elastic	kibana	7.3.0	Yes
Application	elastic	kibana	7.3.1	Yes
Application	elastic	kibana	7.3.2	Yes

References

https://discuss.elastic.co/t/elastic-stack-7-4-0-security-update/201831 Release Notes, Vendor Advisory ([email protected])
https://staging-website.elastic.co/community/security Permissions Required, Vendor Advisory ([email protected])
https://discuss.elastic.co/t/elastic-stack-7-4-0-security-update/201831 Release Notes, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://staging-website.elastic.co/community/security Permissions Required, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)