A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: elastic
Published: 2019-10-01T17:52:42
Updated: 2024-08-04T20:54:28.312Z
Reserved: 2019-02-07T00:00:00
Link: CVE-2019-7618
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-10-01T18:15:13.987
Modified: 2020-10-16T13:17:17.457
Link: CVE-2019-7618
Redhat
No data.