CVE-2019-7609

Related Files

Kibana Timelion Prototype Pollution Remote Code Execution

Posted Sep 8, 2023

Authored by h00die, Gaetan Ferry, Michal Bentkowski | Site metasploit.com

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This leads to an arbitrary command execution with permissions of the Kibana process on the host system. Exploitation will require a service or system reboot to restore normal operation. The WFSDELAY parameter is crucial for this exploit. Setting it too high will cause MANY shells (50-100+), while setting it too low will cause no shells to be obtained. WFSDELAY of 10 for a docker image caused 6 shells.

tags | exploit, arbitrary, shell, javascript, code execution

advisories | CVE-2019-7609

SHA-256 | 218aabf6c87ec8ccc508ad1d2d5d2ca8b265eead008ca12a1926cb66c80614ab

Download | Favorite | View

Red Hat Security Advisory 2019-2860-01

Posted Sep 30, 2019

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2860-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains updates to kibana in Red Hat OpenShift Container Platform 4.1.18. Issues addressed include a code execution vulnerability.

tags | advisory, code execution

systems | linux, redhat

advisories | CVE-2019-7608, CVE-2019-7609, CVE-2019-7610

SHA-256 | bb76f610ed81e573d24833b1caefeb4aa5c5ac9c965eea753e926f2d7e325640

Download | Favorite | View