Bug 1696032 (CVE-2019-7610) - CVE-2019-7610 kibana: Audit logging Remote Code Execution issue
Summary: CVE-2019-7610 kibana: Audit logging Remote Code Execution issue
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-7610
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1747796
Blocks: 1696033
TreeView+ depends on / blocked
 
Reported: 2019-04-04 03:47 UTC by Pedro Sampaio
Modified: 2021-02-16 22:08 UTC (History)
24 users (show)

Fixed In Version: kibana 5.6.15, kibana 6.6.1
Doc Type: If docs needed, set a value
Doc Text:
An arbitrary code execution flaw was found in Kibana in versions prior to 5.6.15 and 6.6.1. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Clone Of:
Environment:
Last Closed: 2019-06-10 10:53:26 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:2860 0 None None None 2019-09-27 01:35:13 UTC

Description Pedro Sampaio 2019-04-04 03:47:15 UTC 
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.

References:

https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077
Comment 10 Jason Shepherd 2019-09-26 06:23:23 UTC 
Statement:

Red Hat OpenStack Platform 8.0/9.0 Operational Tools Kibana/Elasticsearch versions do not include nor support X-Pack (8/9 versions must use the optional Shield, also not packaged); not affected.

Red Hat OpenShift Container Platform 4.1, and 3.x do not install the vulnerable package (Shield for Kibana 4, and X-Pack for Kibana 5), so the impact is lowered to moderate.
Comment 11 errata-xmlrpc 2019-09-27 01:35:11 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.1

Via RHSA-2019:2860 https://access.redhat.com/errata/RHSA-2019:2860
Comment 13 Eric Christensen 2020-04-29 14:16:36 UTC 
External References:

https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077
Note You need to log in before you can comment on or make changes to this bug.