Kibana Vulnerability Affecting Elastic Product
CVE-2024-23443

4.9MEDIUM

Key Information:

Vendor: Elastic
Status: Kibana
Vendor: CVE Published:; 19 June 2024

What is CVE-2024-23443?

A vulnerability in Kibana allows a high-privileged user to create and upload a custom osquery pack that could potentially disrupt the availability of the application. If exploited, this could lead to unintentional denial-of-service conditions, emphasizing the need for rigorous access controls and monitoring of user actions within Kibana.

Affected Version(s)

Kibana 0 < 8.14.0

Kibana 0 < 7.17.22

References

https://discuss.elastic.co/t/kibana-8-14-0-7-17-22-securi...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2024
Vulnerability Reserved
Jan 16, 2024