Server Crash Vulnerability in Kibana by Elastic
CVE-2022-38778
6.5MEDIUM
Summary
A vulnerability exists in Kibana due to a flaw in a third-party dependency that could allow an authenticated user to issue a request that may crash the Kibana server process. This flaw poses a risk to service availability, potentially disrupting operations for users relying on Kibana for data visualization and management.
Affected Version(s)
kibana Versions 7.0.0 through 7.17.8 and 8.0.0 through 8.6.0
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved