Wednesday, February 20, 2019

Arbitrary code execution vulnerabilities in Kibana (CVE-2019-7609 and CVE-2019-7609)

Some security vulnerabilities in Kibana have been reported recently. Two of these vulnerabilities allow arbitrary code execution in the application.

Apart from these arbitrary code execution vulnerabilities in Kibana, the official announcement also mentions other security improvements in the Elasticsearch, Logstash and Kibana components. Versions prior to 6.6.1 are affected by these vulnerabilities. You can learn more about them in the official announcements.

We recommend that you upgrade your ELK deployments to the latest version. You can follow our documentation to learn how to upgrade your deployment to strengthen its security. We highly recommend creating a backup before performing the upgrade.

For new application deployments, including those made from the Bitnami Launchpad, we have updated and released the containers, installers, virtual machines, cloud images, and Multi-Tier solutions that contain any of the affected versions.

If you have further questions about this security issue, please post to our community forum, where we will be happy to help.