File Inclusion bug leading to remote code execution in Kibana ElasticSearch
Successful exploitation of the vulnerability can result in remote code execution on the server with the privileges of the Kibana process.
A proof of concept was published on Twitter on 17/12/2018. The existence of a public PoC implementation makes it urgent for owners of affected systems to patch or otherwise remediate them.
CERT.be recommends that users always keep their systems up to date.
Users should upgrade to Elastic Stack version 6.4.3 or 5.6.13.
Users unable to upgrade can disable the Kibana Console plugin. The Console plugin can be disabled by setting “console.enabled: false” in the kibana.yml file.
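As an added example (not CERT.be's or Elastic's own code), the following script assesses a Kibana instance against the two remediations listed above: it compares the running version with the fixed versions 6.4.3 and 5.6.13 on their respective branches, and reads kibana.yml to see whether the Console plugin has been disabled with console.enabled: false. The sample kibana.yml contents are constructed for the example, and the treatment of release branches other than 5.x and 6.x (assumed patched only if newer than 6.x) is an assumption, not something the advisory states.

```python
"""Assess a Kibana host against the advisory's remediations.

Outcome per host:
  "patched"    - version is at or above the fixed version for its branch
  "mitigated"  - unpatched, but the Console plugin is disabled in kibana.yml
  "vulnerable" - unpatched and the Console plugin is enabled (Kibana's default)
"""
import re

# Fixed versions named in the advisory, keyed by release branch (major version).
FIXED_VERSIONS = {5: (5, 6, 13), 6: (6, 4, 3)}

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Parse 'MAJOR.MINOR.PATCH' (any suffix such as '-SNAPSHOT' is ignored)."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError("unrecognised version string: %r" % text)
    return tuple(int(p) for p in m.groups())


def version_is_patched(version):
    """True if the version is at or above the fixed version on its branch."""
    v = parse_version(version)
    major = v[0]
    if major in FIXED_VERSIONS:
        return v >= FIXED_VERSIONS[major]
    # Assumption (not from the advisory): branches newer than 6.x were released
    # after the fix; anything older than 5.x is treated as unpatched.
    return major > 6


def console_enabled(kibana_yml):
    """Return whether the Console plugin is enabled per kibana.yml text.

    Only the top-level 'console.enabled' key is consulted; the plugin is
    enabled by default, so an absent key (or a commented-out line) counts
    as enabled.
    """
    for raw in kibana_yml.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop YAML comments
        m = re.match(r"^console\.enabled\s*:\s*(\S+)", line)
        if m:
            value = m.group(1).strip("\"'").lower()
            return value != "false"
    return True


def assess(version, kibana_yml):
    """Combine the version check and the config check into one verdict."""
    if version_is_patched(version):
        return "patched"
    if not console_enabled(kibana_yml):
        return "mitigated"
    return "vulnerable"


# Constructed sample configurations (not taken from any real deployment).
SAMPLE_YML_DEFAULT = """\
# Default-style kibana.yml: Console plugin left enabled.
server.port: 5601
server.host: "localhost"
"""

SAMPLE_YML_MITIGATED = """\
server.port: 5601
server.host: "localhost"
console.enabled: false   # workaround from the advisory
"""

if __name__ == "__main__":
    for ver, yml in [("6.4.2", SAMPLE_YML_DEFAULT),
                     ("6.4.2", SAMPLE_YML_MITIGATED),
                     ("5.6.13", SAMPLE_YML_DEFAULT)]:
        print("Kibana %-7s -> %s" % (ver, assess(ver, yml)))
```

In practice the version string would come from the running Kibana (for example its status endpoint or package metadata) and the YAML from the host's kibana.yml; the script deliberately treats a missing or commented-out console.enabled as "enabled", because that is Kibana's default and the common misreading when auditing the workaround.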
Documentation about the upgrade process is available on the Elastic website: https://www.elastic.co/products