Need info regarding Kibana Timelion Remote Code Execution issue (ESA-2019-02)

fragatina · March 30, 2019, 12:42am

Hi,

I'm evaluating the Kibana Timelion Remote Code Execution issue (ESA-2019-02) CVE from:

I'd really appreciate if somebody could point out to the GitHub patch for this fix.

Thanks.

nickpeihl · April 1, 2019, 3:15pm

The PR for fixing this is here: https://github.com/elastic/kibana/pull/28834

fragatina · April 1, 2019, 4:42pm

Thanks @nickpeihl for your support on this.
Just to confirm, from what you say, ESA-2019-01 and ESA-2019-02 are both the same pull 28834?
Thanks

nickpeihl · April 1, 2019, 5:14pm

@fragatina It appears to be the same PR for both. But you can email security@elastic.co for more info.

fragatina · April 1, 2019, 9:20pm

Thanks @nikpeihl for your help on this.

Harsha_Sri · April 4, 2019, 1:06pm

Hi, I am looking for the patch that's fixing the ESA-2019-01 XSSvulnerability. So Can we confirm that both ESA-2019-01 and ESA-2019-02 have the same PR's and Patches. Thanks in advance for the help

system · May 2, 2019, 1:06pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.