elasticsearch kibana CVE-2020-7016 vulnerability in Elasticsearch and Other Products
Published on July 27, 2020

product logo product logo product logo
Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.

NVD

Weakness Type

Incorrect Regular Expression

The software specifies a regular expression in a way that causes data to be improperly matched or compared. When the regular expression is used in protection mechanisms such as filtering or validation, this may allow an attacker to bypass the intended restrictions on the incoming data.


Products Associated with CVE-2020-7016

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-7016 are published in these products:

Elasticsearch Kibana
 
Oracle Peoplesoft Enterprise Peopletools
 
Oracle Communications Billing Revenue Management
 
Oracle Communications Cloud Native Core Network Function Cloud Native Environment
 
Elastic Kibana
 

Affected Versions

Elastic Kibana Version before 6.8.11 and 7.8.1 is affected by CVE-2020-7016

Exploit Probability

EPSS
0.38%
Percentile
58.76%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.