Prototype Pollution Vulnerability in Kibana Allows Arbitrary Code Execution
CVE-2024-37287

7.2 HIGH

Key Information:

Vendor: Elastic
Status: Vendor
CVE Published: 13 August 2024

Badges

👾 Exploit Exists
📰 News Worthy

Summary

A critical security flaw has been identified in Kibana, a popular open-source data visualization and exploration tool, with a vulnerability that allows attackers to execute arbitrary code. The vulnerability, tracked as CVE-2024-37287, has a critical severity rating and affects various Kibana environments, including self-managed installations, instances running the Kibana Docker image, and those on Elastic Cloud. Users are strongly advised to upgrade to Kibana version 8.14.2 or 7.17.23 to address the flaw and protect their systems. There are no known exploitations in the wild by ransomware groups at this time.

Affected Version(s)

Kibana 7.7.0 < 7.17.23 and 8.0.0 < 8.14.2

News Articles

Elasticsearch Kibana Arbitrary Code Execution Vulnerability (CVE-2024-37287) – Qualys ThreatPROTECT

Kibana, a data visualization tool, released a patch to address a critical severity flaw that may allow an attacker to perform arbitrary code execution on target systems. Tracked as...

6 months ago

Critical Kibana Vulnerability Let Attackers Execute Arbitrary Code

A critical security flaw has been identified in Kibana, a popular open-source data visualization and exploration tool.

6 months ago

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • 👾 Exploit known to exist

  • 📰 First article discovered by CybersecurityNews

  • Vulnerability Reserved