Server Side Request Forgery (SSRF) Vulnerability in Kibana's Timelion Visualizer Integration

Server Side Request Forgery (SSRF) Vulnerability in Kibana's Timelion Visualizer Integration

CVE-2019-7616 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite.url configuration option to an arbitrary URL. This could possibly lead to an attacker accessing external URL resources as the Kibana process on the host system.

Learn more about our Cis Benchmark Audit For Server Software.