Elastic

Kibana

120 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.2%
  • Veröffentlicht 01.07.2026 17:21:28
  • Zuletzt bearbeitet 02.07.2026 18:15:39

Improper Output Neutralization for Logs (CWE-117) in Kibana can lead to log injection via Log Injection-Tampering-Forging (CAPEC-93). An attacker can supply specially crafted input that is written to log files without proper neutralization. When the ...

  • EPSS 0.21%
  • Veröffentlicht 01.07.2026 16:59:24
  • Zuletzt bearbeitet 02.07.2026 17:52:31

Insertion of Sensitive Information into Log File (CWE-532) in Kibana can lead to information disclosure. When the optional application performance monitoring (APM) instrumentation is enabled, sensitive request header values could be recorded in appli...

  • EPSS 0.25%
  • Veröffentlicht 01.07.2026 16:35:19
  • Zuletzt bearbeitet 02.07.2026 17:53:01

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted bulk deletion request that causes excessive resource c...

  • EPSS 0.25%
  • Veröffentlicht 01.07.2026 16:29:25
  • Zuletzt bearbeitet 02.07.2026 16:09:39

Improper Input Validation (CWE-20) in Kibana can lead to a denial of service via Input Data Manipulation (CAPEC-153). An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agen...

  • EPSS 0.2%
  • Veröffentlicht 28.05.2026 19:51:32
  • Zuletzt bearbeitet 01.06.2026 14:13:11

Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egres...

  • EPSS 0.27%
  • Veröffentlicht 28.05.2026 19:49:53
  • Zuletzt bearbeitet 01.06.2026 13:31:57

Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with viewer-level access can submit a request containing an oversized input value to an analytics collecti...

  • EPSS 0.26%
  • Veröffentlicht 28.05.2026 19:48:31
  • Zuletzt bearbeitet 01.06.2026 13:30:50

Improper Input Validation (CWE-20) in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into a confi...

  • EPSS 0.3%
  • Veröffentlicht 28.05.2026 19:47:53
  • Zuletzt bearbeitet 01.06.2026 14:17:50

Server-Side Request Forgery (CWE-918) in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Ki...

  • EPSS 0.3%
  • Veröffentlicht 28.05.2026 19:44:05
  • Zuletzt bearbeitet 01.06.2026 14:14:05

Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated low-privileged user can cause Kibana to consume exponentially increasing amounts of memory by submitting a spec...

  • EPSS 0.3%
  • Veröffentlicht 28.05.2026 19:42:11
  • Zuletzt bearbeitet 01.06.2026 14:13:36

Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user can send a specially crafted compressed request payload that is processed prior to authorization checks, c...