Resource Allocation Vulnerability in Kibana by Elastic
CVE-2024-52972

6.5MEDIUM

Key Information:

Vendor: Elastic
Status: Kibana
Vendor: CVE Published:; 23 January 2025

What is CVE-2024-52972?

A vulnerability in Kibana allows for resource allocation without proper limits or throttling. This can lead to service disruptions when specially crafted requests are sent to the /api/metrics/snapshot endpoint. Users with read access to the Observability Metrics or Logs features can exploit this flaw, potentially causing the system to crash.

Affected Version(s)

Kibana 8.0.0 < 8.15.0

Kibana 7.0.0 < 7.17.23

References

https://discuss.elastic.co/t/kibana-7-17-23-8-15-0-securi...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 23, 2025
Vulnerability Reserved
Nov 18, 2024