CVE-2024-11390

🗓️ 01 May 2025 13:11:14Reported by elasticType

Unrestricted file upload in Kibana can cause JavaScript execution via crafted files, requiring Synthetics access.

Reporter	Title	Published	Views	Family All 11
CNNVD	Elastic Kibana 安全漏洞	1 May 202500:00	–	cnnvd
Cvelist	CVE-2024-11390 Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS	1 May 202513:11	–	cvelist
Elastic	Kibana 7.17.24 and 8.12.0 Security Update (ESA-2024-20)	1 May 202511:34	–	elastic
EUVD	EUVD-2025-13051	3 Oct 202520:07	–	euvd
Tenable Nessus	Kibana 7.17.6 < 7.17.24 / 8.4.x < 8.12.0 XSS (ESA-2024-20)	9 May 202500:00	–	nessus
NVD	CVE-2024-11390	1 May 202514:15	–	nvd
OSV	BIT-ELK-2024-11390 Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS	3 May 202505:37	–	osv
OSV	BIT-KIBANA-2024-11390 Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS	3 May 202505:44	–	osv
Positive Technologies	PT-2025-18389 · Elastic · Kibana	1 May 202500:00	–	ptsecurity
RedhatCVE	CVE-2024-11390	3 May 202514:48	–	redhatcve

NVD

Node

elastic kibanaRange7.17.6–7.17.24

elastic kibanaRange8.4.0–8.12.0

[
  {
    "defaultStatus": "unaffected",
    "product": "Kibana",
    "repo": "https://github.com/elastic/kibana",
    "vendor": "Elastic",
    "versions": [
      {
        "lessThan": "7.17.23",
        "status": "affected",
        "version": "7.17.6",
        "versionType": "semver"
      },
      {
        "lessThan": "8.11.4",
        "status": "affected",
        "version": "8.4.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
discuss	www.discuss.elastic.co/t/kibana-7-17-24-and-8-12-0-security-update-esa-2024-20/377712

01 Oct 2025 19:29Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.15.4

EPSS0.00267

SSVC

CWE-434