Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension. Thanks to Dominic Couture for finding this vulnerability.
CVSS Information
N/A
Vulnerability Type
特权管理不恰当
Vulnerability Title
Elastic Stack Kibana 路径遍历漏洞
Vulnerability Description
Elastic Stack Kibana是美国Elastic Stack公司的一个应用系统。一个免费且开放的用户界面,能够让您对 Elasticsearch 数据进行可视化,并让您在 Elastic Stack 中进行导航。 Kibana 存在安全漏洞,该漏洞源于没有验证用户提供的路径,该路径会加载 .pbf 文件。恶意用户可以遍历 Kibana 主机的任意以 .pbf 扩展名结尾的内部文件。
CVSS Information
N/A
Vulnerability Type
N/A