Lucene search
ElasticCVELIST:CVE-2024-37279HistoryJun 13, 2024 - 5:04 p.m.
CVE-2024-37279 Kibana Broken Access Control issue
2024-06-1317:04:41
elastic
www.cve.org
5
kibana
broken access control
alerting
run_soon api
system availability
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS
0
Percentile
9.0%
A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Kibana",
"vendor": "Elastic",
"versions": [
{
"lessThanOrEqual": "8.13.4",
"status": "affected",
"version": "8.6.3",
"versionType": "semver"
}
]
}
]Related
cve
cve
CVE-2024-37279
2024-06-13 17:15:50
veracode
veracode
Denial Of Service
2024-07-04 07:37:39
osv
osv
BIT-kibana-2024-37279
2024-06-17 07:22:48
BIT-elk-2024-37279
2024-06-17 07:17:38
redhatcve
redhatcve
CVE-2024-37279
2024-06-06 07:31:36
vulnrichment
vulnrichment
CVE-2024-37279 Kibana Broken Access Control issue
2024-06-13 17:04:41
nvd
nvd
CVE-2024-37279
2024-06-13 17:15:50
nessus
nessus
Kibana 8.6.3 < 8.14 (ESA-2024-15)
2024-06-21 00:00:00
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS
0
Percentile
9.0%
Related for CVELIST:CVE-2024-37279