CVE-2020-7016

Summary

Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.

Affected Software

VendorProductVersion RangeStatus
ElasticKibanabefore 6.8.11 and 7.8.1affected

Weaknesses

  • CWE-185: CWE-185: Incorrect Regular Expression

ADP Enrichment

CVE Program Container

Additional References

References