Kibana Server Crash Vulnerability in Elastic Observability API
CVE-2024-52974
6.5 MEDIUM
Summary
A vulnerability in the Elastic Observability API allows a specially crafted request to crash the Kibana server. Exploitation requires the attacker to hold read permissions for the Observability features of Kibana. Users are advised to be aware of this risk and to consider applying the security patches offered by Elastic to mitigate potential threats.
Affected Version(s)
Kibana 7.17.0 <= 7.17.22
Kibana 8.0.0 <= 8.15.0
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved