Elastic

Kibana

83 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2024-37285

  • EPSS 0.44%
  • Veröffentlicht 14.11.2024 17:15:06
  • Zuletzt bearbeitet 01.10.2025 18:36:35

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch ind...

8.8

CVE-2024-37288

  • EPSS 1.55%
  • Veröffentlicht 09.09.2024 09:15:02
  • Zuletzt bearbeitet 16.09.2024 13:29:06

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/gui...

7.2

CVE-2024-37287

  • EPSS 0.63%
  • Veröffentlicht 13.08.2024 12:15:06
  • Zuletzt bearbeitet 22.08.2024 13:33:12

A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to ar...

6.5

CVE-2024-37281

  • EPSS 0.39%
  • Veröffentlicht 30.07.2024 22:15:01
  • Zuletzt bearbeitet 29.09.2025 14:09:44

An issue was discovered in Kibana where a user with Viewer role could cause a Kibana instance to crash by sending a large number of maliciously crafted requests to a specific endpoint.

4.9

CVE-2024-23443

  • EPSS 2.22%
  • Veröffentlicht 19.06.2024 14:15:13
  • Zuletzt bearbeitet 21.11.2024 08:57:43

A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery pack.

6.1

CVE-2024-23442

  • EPSS 0.41%
  • Veröffentlicht 14.06.2024 15:15:49
  • Zuletzt bearbeitet 21.11.2024 08:57:42

An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.

4.3

CVE-2024-37279

  • EPSS 0.12%
  • Veröffentlicht 13.06.2024 17:15:50
  • Zuletzt bearbeitet 13.03.2025 16:15:20

A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries.

6.5

CVE-2024-23446

  • EPSS 0.22%
  • Veröffentlicht 07.02.2024 04:15:07
  • Zuletzt bearbeitet 21.11.2024 08:57:43

An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. Users who are authorized to call th...

6.5

CVE-2023-46675

  • EPSS 0.17%
  • Veröffentlicht 13.12.2023 07:15:23
  • Zuletzt bearbeitet 21.11.2024 08:29:02

An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The...

6.5

CVE-2023-46671

  • EPSS 0.22%
  • Veröffentlicht 13.12.2023 07:15:22
  • Zuletzt bearbeitet 21.11.2024 08:29:01

An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credenti...