Code injection vulnerability in kibana - CVE-2020-7012 (rpm)ID: oval:org.secpod.oval:def:63616 | Date: (C)2020-06-04 (M)2022-10-10 |
Class: VULNERABILITY | Family: unix |
The host is installed with kibana 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 and is prone to a code injection vulnerability. A flaw is present in the application, which fails to handle Kibana index where an attacker could insert data that would cause Kibana to execute arbitrary code. Successful exploitation allows attackers to execute code with the permissions of the Kibana process on the host system.