Resource Allocation Flaw in Kibana by Elastic
CVE-2024-52973

6.5MEDIUM

Key Information:

Vendor: Elastic
Status: Kibana
Vendor: CVE Published:; 21 January 2025

Summary

A resource allocation issue in Kibana allows users with read access to the Observability-Logs feature to crash the application by sending a specially crafted request to the /api/log_entries/summary endpoint. This vulnerability does not impose limits or throttling, which can lead to severe application stability issues and unauthorized control over resource consumption.

Affected Version(s)

Kibana 7.17.0, 8.0.0 < 7.17.23, 8.14.2

References

https://discuss.elastic.co/t/kibana-7-17-23-and-8-14-2-se...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 21, 2025
Vulnerability Reserved
Nov 18, 2024