Need info regarding Kibana Timelion Remote Code Execution issue (ESA-2019-02)

fragatina · March 30, 2019, 12:42am

Hi,

I'm evaluating the Kibana Timelion Remote Code Execution issue (ESA-2019-02) CVE from:

I'd really appreciate if somebody could point out to the GitHub patch for this fix.

Thanks.

nickpeihl · April 1, 2019, 3:15pm

The PR for fixing this is here: https://github.com/elastic/kibana/pull/28834

fragatina · April 1, 2019, 4:42pm

Thanks @nickpeihl for your support on this.
Just to confirm, from what you say, ESA-2019-01 and ESA-2019-02 are both the same pull 28834?
Thanks

nickpeihl · April 1, 2019, 5:14pm

@fragatina It appears to be the same PR for both. But you can email security@elastic.co for more info.

fragatina · April 1, 2019, 9:20pm

Thanks @nikpeihl for your help on this.

Harsha_Sri · April 4, 2019, 1:06pm

Hi, I am looking for the patch that's fixing the ESA-2019-01 XSSvulnerability. So Can we confirm that both ESA-2019-01 and ESA-2019-02 have the same PR's and Patches. Thanks in advance for the help

system · May 2, 2019, 1:06pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elastic Stack 6.6.1 and 5.6.15 security update Security Announcements	1	35438	November 4, 2022
Elastic Stack 6.1.3 and 5.6.7 security update Security Announcements	1	13748	November 4, 2022
Kibana 6.0.1 and 5.6.5 security update Security Announcements	1	14816	November 4, 2022
Elastic Stack 6.4.1 and 5.6.12 security update Security Announcements	1	18334	November 4, 2022
Kibana 4.x XSS -- CVE pending Security Announcements	1	5664	July 6, 2017

Need info regarding Kibana Timelion Remote Code Execution issue (ESA-2019-02)

Related Topics