Prototype Pollution Vulnerability in Kibana by Elastic
CVE-2024-12556

8.7HIGH

Key Information:

Vendor: Elastic
Status: Kibana
Vendor: CVE Published:; 8 April 2025

Summary

A vulnerability exists in Kibana that allows for prototype pollution, which can lead to code injection. This issue arises due to unrestricted file uploads in combination with path traversal, making it possible for attackers to manipulate the program's behavior by injecting malicious code. Users are urged to apply security updates to mitigate these risks.

Affected Version(s)

Kibana 8.16.1 < 8.17.1

References

https://discuss.elastic.co/t/kibana-8-16-4-and-8-17-2-sec...

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Dec 11, 2024