Threat Encyclopedia



This indicates an attack attempt against a Local File Inclusion vulnerability in Elastic Stack's Kibana plugin.
The vulnerability is due to insufficient input validation in the application when handling a crafted request. A remote attacker could exploit this to to access arbitrary files and execute arbitrary code within the context of the system.

affected-products-logoAffected Products

Elastic Kibana prior to 5.6.13
Elastic Kibana prior to 6.4.3


System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Refer to the vendor's advisory for updates:

CVE References