Kibana Timelion Arbitrary Code Execution

Jijith Rajan
Published on
16 Jun 2021

Kibana is an open-source visualisation plugin for Elasticsearch.The Timelion visualizer in Kibana versions prior to 5.6.15 and 6.6.1 has the ability to execute arbitrary code. An attacker with Timelion platform access may submit a request that attempts to execute javascript code. This may result in an attacker executing unauthorised commands on the host machine with the Kibana process’s permissions.

Vulnerability detection:

  • Manually detecting
  • Timelion function is enabled in kibana.yml.
  • Version troubleshooting method: In the settings, look for the Kibana version.

Mitigation / Precaution

  • Administrators and consumers of the Elastic Stack (or ELK Stack) can update to Kibana versions 5.6.15 or higher than 6.6.1.
  • If updating is not an option at this time, Set timelion.enabled to false in the kibana.yml configuration file to disable Timelion.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Jijith Rajan
Jijith Rajan
Cyber Security Engineer
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment