SB2018110613 - Multiple vulnerabilities in Kibana

Published: November 6, 2018 Updated: January 8, 2019

Security Bulletin ID: SB2018110613
Severity: Medium
Patch available: YES
Number of vulnerabilities: 3
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium: 33%, Low: 67%

Description

This security bulletin contains information about 3 security vulnerabilities.


1) File inclusion (CVE-ID: CVE-2018-17246)

The vulnerability allows an adjacent attacker to execute arbitrary commands on the target system.

The weakness exists due to an arbitrary file inclusion flaw in the Console plugin. An adjacent attacker with access to the Kibana Console API can send a specially crafted request and execute arbitrary JavaScript code on the host system with the permissions of the Kibana process.

Successful exploitation of the vulnerability may result in system compromise.

2) Information disclosure (CVE-ID: CVE-2018-17244)

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in the way request headers are applied to requests when using Active Directory, LDAP, Native, or File realms. A remote attacker can obtain potentially sensitive information if the same username is being authenticated concurrently; when used with run as, this can result in the request running as the incorrect user.

3) Information disclosure (CVE-ID: CVE-2018-17245)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources, plaintext credentials are included in the HTTP request and can be recovered by the external resource provider.
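As an added illustration of the exposure described in item 3 (this is example code, not part of the original bulletin and not Kibana's own code), the following Python function scans records of the outbound HTTP requests made by a report-rendering job and flags any request that carries a credential-bearing header to a host outside the set that legitimately receives Kibana's credentials. The host names, header values and request records are constructed for the example; in practice the records would come from an egress proxy or packet capture.

```python
from urllib.parse import urlsplit

# Hosts that legitimately receive Kibana's credentials (constructed for the example).
TRUSTED_HOSTS = {"kibana.internal.example", "elasticsearch.internal.example"}

# Headers whose presence on a request to an untrusted host amounts to a
# plaintext credential leak of the kind described in the bulletin.
CREDENTIAL_HEADERS = ("authorization", "proxy-authorization", "cookie")


def find_credential_leaks(requests, trusted_hosts=TRUSTED_HOSTS):
    """Return (url, header_name) for every request that sends a
    credential-bearing header to a host outside the trusted set.

    Each request is a dict with 'url' and 'headers' keys. Header names are
    matched case-insensitively, as HTTP header names are.
    """
    leaks = []
    for req in requests:
        host = (urlsplit(req["url"]).hostname or "").lower()
        if host in trusted_hosts:
            continue
        for name in req["headers"]:
            if name.lower() in CREDENTIAL_HEADERS:
                leaks.append((req["url"], name))
    return leaks


# Constructed sample: a report job fetching its own data from Elasticsearch,
# then an external image and an external font referenced by the report.
SAMPLE_REQUESTS = [
    {"url": "https://elasticsearch.internal.example:9200/_search",
     "headers": {"Authorization": "Basic <redacted>",
                 "Content-Type": "application/json"}},
    {"url": "https://cdn.external.example/logo.png",
     "headers": {"Authorization": "Basic <redacted>", "Accept": "image/png"}},
    {"url": "https://cdn.external.example/font.woff2",
     "headers": {"Accept": "font/woff2"}},
]

if __name__ == "__main__":
    for url, header in find_credential_leaks(SAMPLE_REQUESTS):
        print(f"credential header {header!r} sent to untrusted host: {url}")
```

Running the sample flags only the request for `logo.png`, which forwards the `Authorization` header to the external host; the Elasticsearch request is to a trusted host and the font request carries no credential. Rerunning the same check against real egress records after applying the vendor update is a simple way to confirm the fix took effect.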

Remediation

Install the update from the vendor's website.