Vulnerability Watch

Forum Discussion

snarang
Product Team
6 years ago

Exploit Script for Kibana Remote Code Execution Available (CVE-2019-7609)

Earlier this week, an exploit script for a previously patched vulnerability in Kibana, the open-source data visualization plugin for Elasticsearch, was published to GitHub. Kibana is one of several open-source tools used for centralized log management, collectively called the Elastic Stack, also known as the ELK Stack.

The vulnerability, CVE-2019-7609, is an arbitrary code execution flaw in Kibana’s Timelion visualizer that was patched in February 2019. However, recent information from a security researcher has led to the public availability of a proof-of-concept (PoC) for the vulnerability and, subsequently, an exploit script to identify and exploit the flaw on vulnerable hosts.

For more information, including product coverage, please visit our blog.