Kibana 8.x < 8.19.16 / 9.0.x < 9.3.5 / 9.4.x < 9.4.1 DoS (ESA-2026-32)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(318723);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/05");

  script_cve_id("CVE-2026-33464");
  script_xref(name:"IAVB", value:"2026-B-0141");

  script_name(english:"Kibana 8.x < 8.19.16 / 9.0.x < 9.3.5 / 9.4.x < 9.4.1 DoS (ESA-2026-32)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Kibana installed on the remote host is prior to 8.19.16, 9.3.5, or 9.4.1. It is, therefore, affected
by a vulnerability as referenced in the ESA-2026-32 advisory.

  - Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to a denial of service via Excessive
    Allocation (CAPEC-130). An authenticated user holding a low-privileged role can submit a specially
    crafted, oversized payload to an internal Kibana API, causing the Kibana process to exhaust available
    resources and become unresponsive to all users until the service recovers or is restarted.
    (CVE-2026-33464)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://discuss.elastic.co/t/kibana-8-19-16-9-3-5-9-4-1-security-update-esa-2026-32/386548
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7823d8f5");
  script_set_attribute(attribute:"solution", value:
"Update to Kibana version 8.19.16, 9.3.5, 9.4.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-33464");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/05/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/05/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/04");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:elasticsearch:kibana");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("kibana_web_detect.nbin");
  script_require_keys("installed_sw/Kibana");
  script_require_ports("Services/www", 5601);

  exit(0);
}

include('http.inc');
include('vcf.inc');

var app = 'Kibana';

get_install_count(app_name:app, exit_if_zero:TRUE);

var port = get_http_port(default:5601);

var app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);

var constraints = [
  { 'min_version' : '8.0.0', 'fixed_version' : '8.19.16' },
  { 'min_version' : '9.0.0', 'fixed_version' : '9.3.5' },
  { 'min_version' : '9.4.0', 'fixed_version' : '9.4.1' }
];

vcf::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_WARNING
);