CVE-2021-37938

It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension. Thanks to Dominic Couture for finding this vulnerability.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://discuss.elastic.co/t/kibana-7-15-2-security-update/288923	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-11-18 16:15

Updated : 2024-02-28 18:48

NVD link : CVE-2021-37938

Mitre link : CVE-2021-37938

CVE.ORG link : CVE-2021-37938

JSON object : View

Products Affected

elastic

kibana

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-269

Improper Privilege Management

{"id": "CVE-2021-37938", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2021-11-18T16:15:08.817", "references": [{"url": "https://discuss.elastic.co/t/kibana-7-15-2-security-update/288923", "tags": ["Release Notes", "Vendor Advisory"], "source": "bressers@elastic.co"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "bressers@elastic.co", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension. Thanks to Dominic Couture for finding this vulnerability."}, {"lang": "es", "value": "Se ha detectado que en los sistemas operativos Windows espec\u00edficamente, Kibana no estaba comprendiendo una ruta suministrada por el usuario, que cargar\u00eda archivos .pbf. Debido a esto, un usuario malicioso podr\u00eda atravesar arbitrariamente el host de Kibana para cargar archivos internos que terminaran en la extensi\u00f3n .pbf. Gracias a Dominic Couture por encontrar esta vulnerabilidad."}], "lastModified": "2021-11-23T18:20:13.580", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AE8F25B-F606-4B79-A2A3-4D1C27818B6E", "versionEndExcluding": "7.15.2", "versionStartIncluding": "7.9.0"}], "operator": "OR"}]}], "sourceIdentifier": "bressers@elastic.co"}