Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)
Vulnerability Description
Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery (SSRF) via Code Injection (CAPEC-242). This requires an authenticated user who has the workflowsManagement:executeWorkflow privilege.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
CWE-1336
Vulnerability Title
Elastic Kibana 安全漏洞
Vulnerability Description
Elastic Kibana是Elastic公司的一个可用数据可视化仪表板软件。 Elastic Kibana存在安全漏洞,该漏洞源于Workflows中存在模板引擎特殊元素中和不当,可能导致具有workflowsManagement:executeWorkflow权限的经过身份验证的用户读取Kibana服务器文件系统中的任意文件,并执行服务端请求伪造。
CVSS Information
N/A
Vulnerability Type
N/A