Vulnerability in Elastic Kibana

CVE-2018-17246

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript code. This could possibl…

EPSS: 0.938 (99.9th percentile)

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2018-17246?
CVE-2018-17246 is a vulnerability in Elastic Kibana, classified under External Control of File Name or Path. Published 2018-12-20.

Is CVE-2018-17246 known to be exploited?
25 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.