Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Kibana path traversal issue
Vulnerability Description
It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Elastic Kibana 安全漏洞
Vulnerability Description
Elastic Kibana是荷兰Elastic公司的一个应用系统。一个免费且开放的用户界面,能够让您对 Elasticsearch 数据进行可视化,并让您在 Elastic Stack 中进行导航。 Elastic Kibana 存在安全漏洞,该漏洞源于没有验证用户提供的路径。攻击者利用该漏洞可以任意遍历以.pbf扩展名结尾的内部文件。
CVSS Information
N/A
Vulnerability Type
N/A