Id:
CVE-2020-7016
Comment
:
Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.
CVSSv2 Score:
2.1
Access vector:
|
NETWORK
|
Access complexity:
|
HIGH
|
Authentication:
|
SINGLE
|
Confidentiality impact:
|
NONE
|
Integrity impact:
|
NONE
|
Availability impact:
|
PARTIAL
|
CVSSv2 Vector:
AV:N/AC:H/Au:S/C:N/I:N/A:P
CVSSv3 Score:
4.8
Attack vector:
|
NETWORK
|
Attack complexity:
|
HIGH
|
Privileges required:
|
LOW
|
User interaction:
|
REQUIRED
|
Scope:
|
UNCHANGED
|
Confidentiality impact:
|
NONE
|
Integrity impact:
|
NONE
|
Availability impact:
|
HIGH
|
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
References: