Server Crash Vulnerability in Kibana by Elastic
CVE-2022-38778

6.5MEDIUM

Key Information:

Vendor
Elastic
Status
Vendor
CVE Published:
8 February 2023

Summary

A vulnerability exists in Kibana due to a flaw in a third-party dependency that could allow an authenticated user to issue a request that may crash the Kibana server process. This flaw poses a risk to service availability, potentially disrupting operations for users relying on Kibana for data visualization and management.

Affected Version(s)

kibana Versions 7.0.0 through 7.17.8 and 8.0.0 through 8.6.0

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.