Vulnerability
Kibana is an open-source visualisation plugin for Elasticsearch.The Timelion visualizer in Kibana versions prior to 5.6.15 and 6.6.1 has the ability to execute arbitrary code. An attacker with Timelion platform access may submit a request that attempts to execute javascript code. This may result in an attacker executing unauthorised commands on the host machine with the Kibana process’s permissions.
Vulnerability detection:
- Manually detecting
- Timelion function is enabled in kibana.yml.
- Version troubleshooting method: In the settings, look for the Kibana version.
Mitigation / Precaution
- Administrators and consumers of the Elastic Stack (or ELK Stack) can update to Kibana versions 5.6.15 or higher than 6.6.1.
- If updating is not an option at this time, Set timelion.enabled to false in the kibana.yml configuration file to disable Timelion.
Written by
Summarize:
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 14 days
