Threat Encyclopedia

Elastic.Kibana.server.js.Local.File.Inclusion

description-logoDescription

This indicates an attack attempt against a Local File Inclusion vulnerability in Elastic Stack's Kibana plugin.
The vulnerability is due to insufficient input validation in the application when handling a crafted request. A remote attacker could exploit this to to access arbitrary files and execute arbitrary code within the context of the system.

affected-products-logoAffected Products

Elastic Kibana prior to 5.6.13
Elastic Kibana prior to 6.4.3

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Refer to the vendor's advisory for updates:
https://www.elastic.co/blog/kibana-local-file-inclusion-flaw-cve-2018-17246

CVE References

CVE-2018-17246