CVE-2020-7012

HIGH

Kibana 6.7.0-6.8.8 and 7.0.0-7.6.2 - Authenticated Code Injection in Upgrade Assistant

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-7012. PoCs published by h00die, Alex Brasetvik (alexbrasetvik), including Metasploit module exploits/linux/http/kibana_upgrade_assistant_telemetry_rce.

AI-analyzed exploit summary This Metasploit module exploits a prototype pollution vulnerability in Kibana's Upgrade Assistant (CVE-2020-7012) to achieve remote code execution by injecting malicious telemetry data. The exploit leverages either direct Elasticsearch access or Kibana's dev console to implant payloads, which execute when Kibana processes the polluted prototype.

Description

Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system.

Exploits (1)

metasploit WORKING POC MANUAL

by h00die, Alex Brasetvik (alexbrasetvik) · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/kibana_upgrade_assistant_telemetry_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits a prototype pollution vulnerability in Kibana's Upgrade Assistant (CVE-2020-7012) to achieve remote code execution by injecting malicious telemetry data. The exploit leverages either direct Elasticsearch access or Kibana's dev console to implant payloads, which execute when Kibana processes the polluted prototype.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Kibana before 7.6.3

Auth required

Prerequisites: Access to Elasticsearch (port 9200) or Kibana (port 5601) · Valid credentials if authentication is enabled

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.elastic.co/community/security/

Scores

CVSS v3 8.8

EPSS 0.7344

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-94

Status published

Products (1)

elastic/kibana 6.7.0 - 6.8.8

Published Jun 03, 2020

Tracked Since Feb 18, 2026