Denial-of-service vulnerability in kibana - CVE-2020-7016 (dpkg)ID: oval:org.secpod.oval:def:64672 | Date: (C)2020-07-28 (M)2022-11-23 |
Class: VULNERABILITY | Family: unix |
The host is installed with kibana before 6.8.11 or 7.x before 7.8.1 and is prone to a denial-of-service vulnerability. A flaw is present in the application, which fails to handle Timelion. Successful exploitation allows attackers to construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive..