Unrated severityNVD Advisory· Published Jun 3, 2020· Updated Aug 4, 2024

CVE-2020-7012

Description

Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system.

Affected products

Elastic/Kibanav5
Range: 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.elastic.co/community/security/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.059
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000