{"containers": {"cna": {"affected": [{"product": "Elastic Code", "vendor": "Elastic", "versions": [{"status": "affected", "version": "7.3.0, 7.3.1, and 7.3.2"}]}], "descriptions": [{"lang": "en", "value": "A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-538", "description": "CWE-538: File and Directory Information Exposure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-10-01T17:52:42.000Z", "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://staging-website.elastic.co/community/security"}, {"tags": ["x_refsource_MISC"], "url": "https://discuss.elastic.co/t/elastic-stack-7-4-0-security-update/201831"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@elastic.co", "ID": "CVE-2019-7618", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Elastic Code", "version": {"version_data": [{"version_value": "7.3.0, 7.3.1, and 7.3.2"}]}}]}, "vendor_name": "Elastic"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-538: File and Directory Information Exposure"}]}]}, "references": {"reference_data": [{"name": "https://staging-website.elastic.co/community/security", "refsource": "MISC", "url": "https://staging-website.elastic.co/community/security"}, {"name": "https://discuss.elastic.co/t/elastic-stack-7-4-0-security-update/201831", "refsource": "MISC", "url": "https://discuss.elastic.co/t/elastic-stack-7-4-0-security-update/201831"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:54:28.312Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://staging-website.elastic.co/community/security"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://discuss.elastic.co/t/elastic-stack-7-4-0-security-update/201831"}]}]}, "cveMetadata": {"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "assignerShortName": "elastic", "cveId": "CVE-2019-7618", "datePublished": "2019-10-01T17:52:42.000Z", "dateReserved": "2019-02-07T00:00:00.000Z", "dateUpdated": "2024-08-04T20:54:28.312Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elastic:kibana:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2F9EBE3-54B9-410E-9B22-6A4671735765", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:7.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "F08B1343-B6DB-435B-8913-9EBAC66B5D00", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:7.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "D73DD3D7-F0E2-4BA3-8BD9-637E872CA121", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo de divulgaci\u00f3n de archivo local en Elastic Code versiones 7.3.0, 7.3.1 y 7.3.2. Si un repositorio de c\u00f3digo malicioso es importado hacia Code, es posible leer archivos arbitrarios del sistema de archivos local de la instancia Kibana ejecutando Code con el permiso del usuario system de Kibana."}], "id": "CVE-2019-7618", "lastModified": "2024-11-21T04:48:24.797", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-01T18:15:13.987", "references": [{"source": "bressers@elastic.co", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://discuss.elastic.co/t/elastic-stack-7-4-0-security-update/201831"}, {"source": "bressers@elastic.co", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://staging-website.elastic.co/community/security"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://discuss.elastic.co/t/elastic-stack-7-4-0-security-update/201831"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://staging-website.elastic.co/community/security"}], "sourceIdentifier": "bressers@elastic.co", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-538"}], "source": "bressers@elastic.co", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}