Prototype Pollution Vulnerability in Kibana by Elastic
CVE-2024-12556

8.7HIGH

Key Information:

Vendor: Elastic
Status: Kibana
Vendor: CVE Published:; 8 April 2025

Badges

📰 News Worthy

What is CVE-2024-12556?

A vulnerability exists in Kibana that allows for prototype pollution, which can lead to code injection. This issue arises due to unrestricted file uploads in combination with path traversal, making it possible for attackers to manipulate the program's behavior by injecting malicious code. Users are urged to apply security updates to mitigate these risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Kibana 8.16.1 < 8.17.1

News Articles

GBHackers News

CVE-2024-12556

Kibana Releases Security Patch to Fix Code Injection Vulnerability

Elastic, the company behind Kibana, has released critical security updates to address a high-severity vulnerability, identified as CVE-2024-12556.

References

https://discuss.elastic.co/t/kibana-8-16-4-and-8-17-2-sec...

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

📰
First article discovered by GBHackers News
Apr 9, 2025
Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Dec 11, 2024

JSON

Elastic

Badges

What is CVE-2024-12556?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

News Articles

Kibana Releases Security Patch to Fix Code Injection Vulnerability

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.