automatic module_metadata_base.json update

rapid7 · Oct 6, 2023 · b32fe19 · b32fe19
1 parent fb834b2
commit b32fe19
Showing 1 changed file with 60 additions and 0 deletions.
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -67259,6 +67259,66 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_linux/http/kibana_upgrade_assistant_telemetry_rce": {
+    "name": "Kibana Upgrade Assistant Telemetry Collector Prototype Pollution",
+    "fullname": "exploit/linux/http/kibana_upgrade_assistant_telemetry_rce",
+    "aliases": [
+
+    ],
+    "rank": 0,
+    "disclosure_date": "2020-04-17",
+    "type": "exploit",
+    "author": [
+      "h00die",
+      "Alex Brasetvik (alexbrasetvik)"
+    ],
+    "description": "Kibana before version 7.6.3 suffers from a prototype pollution bug within the\n          Upgrade Assistant. By setting a new constructor.prototype.sourceURL value we're\n          able to execute arbitrary code.\n          Code execution is possible through two different ways. Either by sending data\n          directly to Elastic, or using Kibana to submit the same queries. Either method\n          enters the polluted prototype for Kibana to read.\n\n          Kibana will either need to be restarted, or collection happens (unknown time) for\n          the payload to execute. Once it does, cleanup must delete the .kibana_1 index\n          for Kibana to restart successfully. Once a callback does occur, cleanup will\n          happen allowing Kibana to be successfully restarted on next attempt.",
+    "references": [
+      "URL-https://hackerone.com/reports/852613"
+    ],
+    "platform": "Linux",
+    "arch": "cmd",
+    "rport": 9200,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "ELASTIC",
+      "KIBANA"
+    ],
+    "mod_time": "2023-10-06 09:55:10 +0000",
+    "path": "/modules/exploits/linux/http/kibana_upgrade_assistant_telemetry_rce.rb",
+    "is_install_path": true,
+    "ref_name": "linux/http/kibana_upgrade_assistant_telemetry_rce",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-service-down"
+      ],
+      "Reliability": [
+
+      ],
+      "SideEffects": [
+        "ioc-in-logs"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_linux/http/klog_server_authenticate_user_unauth_command_injection": {
     "name": "Klog Server authenticate.php user Unauthenticated Command Injection",
     "fullname": "exploit/linux/http/klog_server_authenticate_user_unauth_command_injection",