Bug 2292364 (CVE-2024-23443) - CVE-2024-23443 kibana: uncontrolled resource consumption
Summary: CVE-2024-23443 kibana: uncontrolled resource consumption
Keywords:
Status: NEW
Alias: CVE-2024-23443
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2292363
Reported: 2024-06-14 06:53 UTC by Rohit Keshri
Modified: 2024-06-14 17:43 UTC

Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was found in Kibana. A high-privileged user, allowed to create custom osquery packs, could affect the availability of Kibana by uploading a maliciously crafted osquery pack.
Clone Of:
Environment:
Last Closed:
Embargoed:


Description Rohit Keshri 2024-06-14 06:53:08 UTC
Kibana uncontrolled resource consumption (ESA-2024-11)

   A high-privileged user, allowed to create custom osquery packs, could
   affect the availability of Kibana by uploading a maliciously crafted
   osquery pack.

  Affected Versions:

   Kibana versions before 7.17.22 and before 8.14.0

  Solutions and Mitigations:

   The issue is resolved in version 7.17.22 and 8.14.0

   Severity: CVSSv3.1: 4.9(Medium) -
   CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

   CVE ID: CVE-2024-23443

Reference:
https://discuss.elastic.co/t/kibana-8-14-0-7-17-22-security-update-esa-2024-11/361460

