Prototype Pollution Vulnerability in Kibana by Elastic
CVE-2024-12556

8.7HIGH

Key Information:

Vendor

Elastic
Status
Kibana
Vendor
CVE Published:
8 April 2025

Badges

đź“° News Worthy

What is CVE-2024-12556?

A vulnerability exists in Kibana that allows for prototype pollution, which can lead to code injection. This issue arises due to unrestricted file uploads in combination with path traversal, making it possible for attackers to manipulate the program's behavior by injecting malicious code. Users are urged to apply security updates to mitigate these risks.

Affected Version(s)

Kibana 8.16.1 < 8.17.1

News Articles

favicon imageGBHackers News

Kibana Releases Security Patch to Fix Code Injection Vulnerability

Elastic, the company behind Kibana, has released critical security updates to address a high-severity vulnerability, identified as CVE-2024-12556.

References

https://discuss.elastic.co/t/kibana-8-16-4-and-8-17-2-sec...

CVSS V3.1

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • đź“°

    First article discovered by GBHackers News

  • Vulnerability published

  • Vulnerability Reserved

.