Server Crash Vulnerability in Kibana by Elastic
CVE-2022-38778

6.5MEDIUM

Key Information:

Vendor: Elastic
Status: Kibana
Vendor: CVE Published:; 8 February 2023

Summary

A vulnerability exists in Kibana due to a flaw in a third-party dependency that could allow an authenticated user to issue a request that may crash the Kibana server process. This flaw poses a risk to service availability, potentially disrupting operations for users relying on Kibana for data visualization and management.

Affected Version(s)

kibana Versions 7.0.0 through 7.17.8 and 8.0.0 through 8.6.0

References

https://www.elastic.co/community/security

https://discuss.elastic.co/t/elastic-7-17-9-8-5-0-and-8-6...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 8, 2023
Vulnerability Reserved
Aug 26, 2022