WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-7013 Vulnerability in npm package kibana

Description

Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system.

Remediation

References

https://www.elastic.co/community/security/

Related Vulnerabilities

CVE-2018-1999020 Vulnerability in maven package org.onosproject:onos-core-common

CVE-2019-10298 Vulnerability in maven package org.jenkins-ci.plugins:koji

CVE-2020-2129 Vulnerability in maven package org.apache.maven.plugins:maven-compiler-plugin

CVE-2020-2282 Vulnerability in maven package org.jenkins-ci.plugins:implied-labels

CVE-2023-29520 Vulnerability in maven package org.xwiki.platform:xwiki-platform-localization-source-wiki

Severity

High

Classification

CWE-94 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory