VDB

CVE-2020-7013

CVE-2020-7013 PUBLISHED

Reported by elastic · Published June 3, 2020

Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system.

Affected Products

VendorProductVersions
ElasticKibanabefore 6.8.9 and 7.7.0
ElasticKibanabefore 6.8.9 and 7.7.0

Timeline

  • Jun 3, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Aug 4, 2024 CVE Updated
  • Mar 17, 2025 EPSS Score
  • Mar 26, 2025 EPSS Score
  • Mar 28, 2025 EPSS Score
  • Mar 29, 2025 EPSS Score
  • Mar 30, 2025 EPSS Score
  • Apr 2, 2025 EPSS Score

References

  • x_refsource_MISC
Open in Interactive Console →
$ Console Community · 100/wk Open console ›