Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2024-23446
HistoryFeb 07, 2024 - 4:15 a.m.

Design/Logic Flaw

2024-02-0704:15:00
PRIOn knowledge base
www.prio-n.com
10
elastic
detection engine
security flaw
unauthorized access
documents .

7.2 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

18.3%

JSON

An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. Users who are authorized to call this API may obtain unauthorized access to documents if their roles are configured with DLS or FLS against the aforementioned index.

CPENameOperatorVersion
kibanage8.0.0
kibanalt8.12.1

Related

cve 1
nessus 1
cvelist 1
nvd 1
cve
cve
CVE-2024-23446
2024-02-07 04:15:07
nessus
nessus
Kibana 8.0.x < 8.12.1 (ESA-2024-01)
2024-02-09 00:00:00
cvelist
cvelist
CVE-2024-23446 Kibana Broken Access Control issue
2024-02-07 03:16:39
nvd
nvd
CVE-2024-23446
2024-02-07 04:15:07

7.2 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

18.3%

JSON
Related for PRION:CVE-2024-23446
cve1nessus1cvelist1nvd1