CVE-2019-7609 – Elastic / Kibana – Code injection
CVE-2019-7609 is a code injection vulnerability impacting Elastic Kibana versions before 5.6.15 and 6.6.1. An exploit was observed in open source and a link to an exploit was shared in the underground. Additionally, a walk-through demo of an exploit that was shared via YouTube.
Summary:
CVE-2019-7609 is a code injection vulnerability impacting Elastic Kibana versions before 5.6.15 and 6.6.1. An exploit was observed in open source and a link to an exploit was shared in the underground. Additionally, a walk-through demo of an exploit that was shared via YouTube.
PoC Links(if available):
GitHub commit exploit –
https://github.com/LandGrey/CVE-2019-7609
Known Counter Measures:
Elastic addressed the vulnerability in Kibana versions 5.6.15 and 6.6.1.
Links to patches(if available)
https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077
