7 matches found
BIT-KIBANA-2026-33460 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure
Incorrect Authorization CWE-863 in Kibana can lead to cross-space information disclosure via Privilege Abuse CAPEC-122. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...
BIT-ELK-2026-33460 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure
Incorrect Authorization CWE-863 in Kibana can lead to cross-space information disclosure via Privilege Abuse CAPEC-122. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...
PT-2026-32407
Incorrect Authorization CWE-863 in Kibana can lead to cross-space information disclosure via Privilege Abuse CAPEC-122. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...
Kibana 8.x < 8.19.14 / 9.0.x < 9.2.8 / 9.3.x < 9.3.3 Multiple Vulnerabilities (ESA-2026-21 / ESA-2026-24 / ESA-2026-25 / ESA-2026-26)
The version of Kibana installed on the remote host is prior to 8.19.14, 9.2.8, or 9.3.3. It is, therefore, affected by multiple vulnerabilities as referenced in the ESA-2026-21, ESA-2026-24, ESA-2026-25, and ESA-2026-26 advisories. - An incorrect authorization vulnerability in Kibana Fleet allows...
CVE-2026-33460
Incorrect Authorization CWE-863 in Kibana can lead to cross-space information disclosure via Privilege Abuse CAPEC-122. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...
CVE-2026-33460
Incorrect Authorization CWE-863 in Kibana can lead to cross-space information disclosure via Privilege Abuse CAPEC-122. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...
Kibana 8.19.14, 9.2.8, 9.3.3 Security Update (ESA-2026-25)
Incorrect Authorization in Kibana Fleet Leading to Information Disclosure Incorrect Authorization CWE-863 in Kibana can lead to cross-space information disclosure via Privilege Abuse CAPEC-122. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy...