CVE-2020-7012 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-7012 Interim 1 13 2025-02-17T01:37:45Z current 2021-05-30T14:37:21Z 2025-02-17T01:37:45Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-7012 Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 HPE Helion OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 kibana kibana as a component of HPE Helion OpenStack 8 kibana as a component of HPE Helion OpenStack Cloud 8 kibana as a component of SUSE OpenStack Cloud 7 kibana as a component of SUSE OpenStack Cloud 8 kibana as a component of SUSE OpenStack Cloud 9 kibana as a component of SUSE OpenStack Cloud Crowbar 8 kibana as a component of SUSE OpenStack Cloud Crowbar 9 Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system. CVE-2020-7012 HPE Helion OpenStack 8:kibana HPE Helion OpenStack Cloud 8:kibana SUSE OpenStack Cloud 7:kibana SUSE OpenStack Cloud 8:kibana SUSE OpenStack Cloud 9:kibana SUSE OpenStack Cloud Crowbar 8:kibana SUSE OpenStack Cloud Crowbar 9:kibana important 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H