Kibana Open Redirect Vulnerability Could Lead to Arbitrary Website Redirection
CVE-2024-23442

6.1MEDIUM

Key Information:

Vendor: Elastic
Status: Kibana
Vendor: CVE Published:; 14 June 2024

What is CVE-2024-23442?

An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.

Affected Version(s)

Kibana 8.11.1 <= 8.13.4

Kibana 7.17.21

References

https://discuss.elastic.co/t/kibana-8-14-0-7-17-22-securi...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 14, 2024
Vulnerability Reserved
Jan 16, 2024

Elastic

What is CVE-2024-23442?

Affected Version(s)

References

CVSS V3.1

Timeline