all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Kibana Timelion Prototype Pollution Remote Code Execution

Add to bookmarks
Sept. 8, 2023, 8:53 p.m. |

Packet Storm packetstormsecurity.com

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This leads to an arbitrary command execution with permissions of the Kibana process on the host system. Exploitation will require a service or system reboot to restore normal operation. The WFSDELAY parameter is crucial for this exploit. Setting it too high will cause MANY shells …

access application arbitrary code attacker code code execution command exploitation flaw host javascript kibana permissions pollution process prototype remote code remote code execution request send system

Visit resource

More from packetstormsecurity.com / Packet Storm

Ubuntu Security Notice USN-6757-2 2 days, 14 hours ago | packetstormsecurity.com
arbitrary code attacker code crash +16
Ubuntu Security Notice USN-6762-1 2 days, 14 hours ago | packetstormsecurity.com
arbitrary code attacker attackers code +15
SOPlanning 1.52.00 SQL Injection 2 days, 14 hours ago | packetstormsecurity.com
injection php projects sql +5
SOPlanning 1.52.00 Cross Site Request Forgery 2 days, 14 hours ago | packetstormsecurity.com
forgery php request version +2
SOPlanning 1.52.00 Cross Site Scripting 2 days, 14 hours ago | packetstormsecurity.com
cross site scripting php scripting version +2
Red Hat Security Advisory 2024-2679-03 2 days, 14 hours ago | packetstormsecurity.com
advisory enterprise free linux +7
Red Hat Security Advisory 2024-2674-03 2 days, 14 hours ago | packetstormsecurity.com
advisory enterprise kernel linux +5
Red Hat Security Advisory 2024-2071-03 2 days, 14 hours ago | packetstormsecurity.com
advisory bugs container fix +10
Red Hat Security Advisory 2024-2068-03 2 days, 14 hours ago | packetstormsecurity.com
advisory bugs container denial of service +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Cyber Security Engineer

@ ASSYSTEM | Bridgwater, United Kingdom
View on infosec-jobs.com

Security Analyst

@ Northwestern Memorial Healthcare | Chicago, IL, United States
View on infosec-jobs.com

GRC Analyst

@ Richemont | Shelton, CT, US
View on infosec-jobs.com

Security Specialist

@ Peraton | Government Site, MD, United States
View on infosec-jobs.com

Information Assurance Security Specialist (IASS)

@ OBXtek Inc. | United States
View on infosec-jobs.com

Cyber Security Technology Analyst

@ Airbus | Bengaluru (Airbus)
View on infosec-jobs.com
View more jobs