CVE-2019-7618

Summary

A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user.

Affected Software

VendorProductVersion RangeStatus
ElasticElastic Code7.3.0, 7.3.1, and 7.3.2affected

Weaknesses

  • CWE-538: CWE-538: File and Directory Information Exposure

ADP Enrichment

CVE Program Container

Additional References

References