Multiple vulnerabilities in Elastic Kibana
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2024-43707 CVE-2024-43710 CVE-2024-43708 CVE-2024-52972 |
| CWE-ID | CWE-284 CWE-918 CWE-399 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Kibana Web applications / Other software |
| Vendor | Elastic Stack |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Improper access control
EUVDB-ID: #VU103260
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43707
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user without access to Fleet can view Elastic Agent policies.
Install updates from vendor's website.
Vulnerable software versionsKibana: 8.0.0 - 8.14.3
CPE2.3- cpe:2.3:a:elastic_stack:kibana:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:kibana:8.14.3:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:kibana:8.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:kibana:8.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:kibana:8.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:kibana:8.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:kibana:8.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:kibana:8.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:kibana:8.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:kibana:8.5.1:*:*:*:*:*:*:*
https://discuss.elastic.co/t/kibana-8-15-0-security-update-esa-2024-29-esa-2024-30/373521
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU103259
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-43710
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input within the /api/fleet/health_check API. A remote user with read access to Fleet can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsKibana: 8.7.0 - 8.14.3
CPE2.3- cpe:2.3:a:elastic_stack:kibana:8.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:kibana:8.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:kibana:8.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:kibana:8.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:kibana:8.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:kibana:8.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:kibana:8.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:kibana:8.9.2:*:*:*:*:*:*:*
https://discuss.elastic.co/t/kibana-8-15-0-security-update-esa-2024-29-esa-2024-30/373521
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource management error
EUVDB-ID: #VU103258
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-43708
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application in Kibana UI. A remote user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsKibana: 7.0.0 - 8.14.3
CPE2.3- cpe:2.3:a:elastic_stack:kibana:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:kibana:7.17.22:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:kibana:7.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:kibana:7.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:kibana:7.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:kibana:7.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:kibana:7.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:kibana:7.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:kibana:7.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:elastic_stack:kibana:7.9.3:*:*:*:*:*:*:*
https://discuss.elastic.co/t/kibana-7-17-23-8-15-0-security-updates-esa-2024-32-esa-2024-33/373548
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource management error
EUVDB-ID: #VU103257
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-52972
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application at the "/api/metrics/snapshot" API endpoint. A remote user with read access to the Observability Metrics or Logs features in Kibana can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsKibana: 7.0.0 - 8.14.3
CPE2.3 External linkshttps://discuss.elastic.co/t/kibana-7-17-23-8-15-0-security-updates-esa-2024-32-esa-2024-33/373548
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
