Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
CVSS Information
N/A
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Elasticsearch Kibana 命令注入漏洞
Vulnerability Description
Elasticsearch Kibana是荷兰Elasticsearch公司的一套开源的、基于浏览器的分析和搜索Elasticsearch仪表板工具。 Elasticsearch Kibana 5.6.15之前版本和6.6.1之前版本中的安全审计计量器存在命令注入漏洞。远程攻击者可通过发送请求利用该漏洞执行JavaScript代码并可能以Kibana进程权限执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A