Kibana Denial of Service issue
CVE-2024-37281

6.5MEDIUM

Key Information:

Vendor: Elastic
Status: Kibana
Vendor: CVE Published:; 30 July 2024

Summary

A vulnerability has been identified in Kibana that allows a user with a Viewer role to exploit the system's request handling functionality. By sending a substantial number of specially crafted requests to a designated endpoint, an attacker can cause the Kibana instance to experience crashes. This issue not only disrupts the service but also affects users' access to important analytics and visualizations, highlighting the need for prompt updates and security measures to mitigate such threats.

Affected Version(s)

Kibana 7.x < 7.17.23

Kibana 8.x < 8.14.0

References

https://discuss.elastic.co/t/kibana-7-17-23-8-14-0-securi...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 30, 2024
Vulnerability Reserved
Jun 5, 2024