Local File Disclosure Vulnerability in Elastic Code

Local File Disclosure Vulnerability in Elastic Code

CVE-2019-7618 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user.

Learn more about our User Device Pen Test.