Lucene search
K

7 matches found

OSV
OSV
added 2026/04/13 5:42 a.m.3 views

BIT-KIBANA-2026-33460 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure

Incorrect Authorization CWE-863 in Kibana can lead to cross-space information disclosure via Privilege Abuse CAPEC-122. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...

4.3CVSS5.8AI score0.00175EPSS
Exploits0References2
OSV
OSV
added 2026/04/13 5:38 a.m.3 views

BIT-ELK-2026-33460 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure

Incorrect Authorization CWE-863 in Kibana can lead to cross-space information disclosure via Privilege Abuse CAPEC-122. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...

4.3CVSS5.8AI score0.00175EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.4 views

PT-2026-32407

Incorrect Authorization CWE-863 in Kibana can lead to cross-space information disclosure via Privilege Abuse CAPEC-122. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...

4.3CVSS5.8AI score0.00175EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.11 views

Kibana 8.x < 8.19.14 / 9.0.x < 9.2.8 / 9.3.x < 9.3.3 Multiple Vulnerabilities (ESA-2026-21 / ESA-2026-24 / ESA-2026-25 / ESA-2026-26)

The version of Kibana installed on the remote host is prior to 8.19.14, 9.2.8, or 9.3.3. It is, therefore, affected by multiple vulnerabilities as referenced in the ESA-2026-21, ESA-2026-24, ESA-2026-25, and ESA-2026-26 advisories. - An incorrect authorization vulnerability in Kibana Fleet allows...

7.7CVSS5.8AI score0.003EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.5 views

CVE-2026-33460

Incorrect Authorization CWE-863 in Kibana can lead to cross-space information disclosure via Privilege Abuse CAPEC-122. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...

4.3CVSS5.9AI score0.00175EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 5:21 p.m.5 views

CVE-2026-33460

Incorrect Authorization CWE-863 in Kibana can lead to cross-space information disclosure via Privilege Abuse CAPEC-122. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...

4.3CVSS0.00175EPSS
Exploits0References1
Elastic
Elastic
added 2026/04/08 4:22 p.m.19 views

Kibana 8.19.14, 9.2.8, 9.3.3 Security Update (ESA-2026-25)

Incorrect Authorization in Kibana Fleet Leading to Information Disclosure Incorrect Authorization CWE-863 in Kibana can lead to cross-space information disclosure via Privilege Abuse CAPEC-122. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy...

4.3CVSS5.7AI score0.00175EPSS
Exploits0
Rows per page
Query Builder