Bug 2292843 (CVE-2024-23442) - CVE-2024-23442 kibana: Open Redirect Issue
Summary: CVE-2024-23442 kibana: Open Redirect Issue
Keywords:
Status: NEW
Alias: CVE-2024-23442
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2293145 2293146
Blocks: 2292842
TreeView+ depends on / blocked
 
Reported: 2024-06-18 04:26 UTC by Patrick Del Bello
Modified: 2024-06-20 18:55 UTC (History)
16 users (show)

Fixed In Version: kibana 7.17.22, kibana 8.14.0
Doc Type: ---
Doc Text:
An open redirect flaw was found in Kibana. This issue can lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description Patrick Del Bello 2024-06-18 04:26:27 UTC
An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.

https://discuss.elastic.co/t/kibana-8-14-0-7-17-22-security-update/361502


Note You need to log in before you can comment on or make changes to this bug.